Alex Chernyakhovsky

**Name of the Vulnerable Software and Affected Versions** OpenSSL versions 1.1.1 through 1.1.1p OpenSSL versions 3.0.0 through 3.0.4 MySQL Server versions 5.7.39 and earlier MySQL Server versions 8.0.30 and earlier **Description** The AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimized implementation does not encrypt the entirety of the data under some circumstances, potentially revealing sixteen bytes of preexisting data in memory that was not written. In the special case of "in place" encryption, sixteen bytes of the plaintext could be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. **Recommendations** For OpenSSL versions 1.1.1 through 1.1.1p, update to version 1.1.1q. For OpenSSL versions 3.0.0 through 3.0.4, update to version 3.0.5. For MySQL Server versions 5.7.39 and earlier, update to a version later than 5.7.39. For MySQL Server versions 8.0.30 and earlier, update to a version later than 8.0.30. As a temporary workaround, consider disabling the AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimized implementation until a patch is available.

**Name of the Vulnerable Software and Affected Versions** OpenAFS versions prior to 1.4.15 OpenAFS versions 1.6.x prior to 1.6.5 OpenAFS versions 1.7.x prior to 1.7.26 **Description** The issue is related to the use of weak encryption, specifically DES, for Kerberos keys in OpenAFS. This weakness makes it easier for remote attackers to obtain the service key, potentially leading to breaches of confidentiality, integrity, and availability of protected information. The exploitation of these weaknesses can be done remotely. **Recommendations** For OpenAFS versions prior to 1.4.15, update to version 1.4.15 or later. For OpenAFS versions 1.6.x prior to 1.6.5, update to version 1.6.5 or later. For OpenAFS versions 1.7.x prior to 1.7.26, update to version 1.7.26 or later.