CVE 2013-0169
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Related bugs and status
CVE-2013-0169 (Candidate) is related to these bugs:
Bug #1068029: memory leak in libgnutls28
Bug | Summary | In | Importance | Status
---|---|---|---|---
1068029 | memory leak in libgnutls28 | gnutls28 (Ubuntu) | Undecided | Fix Released
Bug #1133333: SSL read error: decryption failed or bad record mac
Bug | Summary | In | Importance | Status
---|---|---|---|---
1133333 | SSL read error: decryption failed or bad record mac | openssl (Ubuntu) | High | Fix Released
1133333 | SSL read error: decryption failed or bad record mac | openssl (Debian) | Unknown | Fix Released
1133333 | SSL read error: decryption failed or bad record mac | OpenSSL | Unknown | Fix Released
1133333 | SSL read error: decryption failed or bad record mac | openssl (Ubuntu Precise) | High | Fix Released
1133333 | SSL read error: decryption failed or bad record mac | openssl (Ubuntu Quantal) | High | Fix Released
1133333 | SSL read error: decryption failed or bad record mac | openssl (Ubuntu Raring) | High | Fix Released
Bug #1134873: regression in 1.0.1-4ubuntu5.6 causes connection errors
Bug | Summary | In | Importance | Status
---|---|---|---|---
1134873 | regression in 1.0.1-4ubuntu5.6 causes connection errors | openssl (Ubuntu) | High | Fix Released
1134873 | regression in 1.0.1-4ubuntu5.6 causes connection errors | OpenSSL | Unknown | Fix Released
1134873 | regression in 1.0.1-4ubuntu5.6 causes connection errors | openssl (Ubuntu Precise) | High | Fix Released
1134873 | regression in 1.0.1-4ubuntu5.6 causes connection errors | openssl (Ubuntu Quantal) | High | Fix Released
1134873 | regression in 1.0.1-4ubuntu5.6 causes connection errors | openssl (Ubuntu Raring) | High | Fix Released
Bug #1331452: Please backport current CVEs for Precise LTS openssl098
Bug | Summary | In | Importance | Status
---|---|---|---|---
1331452 | Please backport current CVEs for Precise LTS openssl098 | openssl098 (Ubuntu) | High | Fix Released
1331452 | Please backport current CVEs for Precise LTS openssl098 | openssl098 (Ubuntu Precise) | High | Fix Released
1331452 | Please backport current CVEs for Precise LTS openssl098 | openssl098 (Ubuntu Trusty) | Undecided | Fix Released
1331452 | Please backport current CVEs for Precise LTS openssl098 | openssl098 (Ubuntu Saucy) | Undecided | Fix Released
1331452 | Please backport current CVEs for Precise LTS openssl098 | openssl098 (Ubuntu Utopic) | High | Fix Released
Bug #1811531: remote execution vulnerability
Bug | Summary | In | Importance | Status
---|---|---|---|---
1811531 | remote execution vulnerability | zeromq3 (Ubuntu) | Undecided | Fix Released
1811531 | remote execution vulnerability | zeromq3 (Debian) | Unknown | Fix Released
1811531 | remote execution vulnerability | zeromq (Suse) | High | Fix Released
See the CVE page on Mitre.org for more details.