CVE-2011-3389

Name	CVE-2011-3389
Description	The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DLA-154-1, DLA-400-1, DSA-2356-1, DSA-2358-1, DSA-2368-1, DSA-2398-1
Debian Bugs	645881, 678998, 684511

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
asterisk (PTS)	bullseye	1:16.28.0~dfsg-0+deb11u4	fixed
	bullseye (security)	1:16.28.0~dfsg-0+deb11u5	fixed
	sid	1:22.0.0~dfsg+~cs6.14.60671435-1	fixed
bouncycastle (PTS)	bullseye	1.68-2	fixed
	bookworm	1.72-2	fixed
	sid, trixie	1.77-1	fixed
curl (PTS)	bullseye	7.74.0-1.3+deb11u13	fixed
	bullseye (security)	7.74.0-1.3+deb11u14	fixed
	bookworm	7.88.1-10+deb12u8	fixed
	bookworm (security)	7.88.1-10+deb12u5	fixed
	sid, trixie	8.11.0-1	fixed
erlang (PTS)	bullseye	1:23.2.6+dfsg-1+deb11u1	fixed
	bookworm	1:25.2.3+dfsg-1	fixed
	sid, trixie	1:25.3.2.12+dfsg-3	fixed
gnutls28 (PTS)	bullseye	3.7.1-5+deb11u5	vulnerable
	bullseye (security)	3.7.1-5+deb11u6	vulnerable
	bookworm	3.7.9-2+deb12u3	vulnerable
	sid, trixie	3.8.8-2	vulnerable
haskell-tls (PTS)	bullseye	1.5.4-1	vulnerable
	bookworm	1.5.8-1	vulnerable
	sid, trixie	1.8.0-1	vulnerable
lighttpd (PTS)	bullseye (security), bullseye	1.4.59-1+deb11u2	fixed
	bookworm	1.4.69-1	fixed
	sid, trixie	1.4.76-1	fixed
nss (PTS)	bullseye	2:3.61-1+deb11u3	fixed
	bullseye (security)	2:3.61-1+deb11u4	fixed
	bookworm	2:3.87.1-1	fixed
	bookworm (security)	2:3.87.1-1+deb12u1	fixed
	trixie	2:3.105-2	fixed
	sid	2:3.106-1	fixed
pound (PTS)	bullseye	3.0-2	fixed
	sid, trixie	4.15-1	fixed
python2.7 (PTS)	bullseye	2.7.18-8+deb11u1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
asterisk	source	squeeze	(unfixed)	end-of-life
asterisk	source	jessie	1:11.13.1~dfsg-2+deb8u1
asterisk	source	(unstable)	1:13.7.2~dfsg-1
bouncycastle	source	(unstable)	1.49+dfsg-1
chromium-browser	source	squeeze	(unfixed)	end-of-life
chromium-browser	source	(unstable)	15.0.874.106~r107270-1
curl	source	lenny	7.18.2-8lenny6		DSA-2398-1
curl	source	squeeze	7.21.0-2.1+squeeze1		DSA-2398-1
curl	source	(unstable)	7.24.0-1
cyassl	source	(unstable)	(unfixed)
erlang	source	(unstable)	1:15.b-dfsg-1
gnutls26	source	(unstable)	(unfixed)	unimportant
gnutls28	source	(unstable)	(unfixed)	unimportant
haskell-tls	source	(unstable)	(unfixed)	unimportant
iceweasel	source	(unstable)	(not affected)
lighttpd	source	lenny	1.4.19-5+lenny3		DSA-2368-1
lighttpd	source	squeeze	1.4.28-2+squeeze1		DSA-2368-1
lighttpd	source	(unstable)	1.4.30-1
matrixssl	source	(unstable)	(unfixed)	low
nss	source	squeeze	3.12.8-1+squeeze11		DLA-154-1
nss	source	(unstable)	3.13.1.with.ckbi.1.88-1
openjdk-6	source	lenny	6b18-1.8.10-0~lenny2		DSA-2358-1
openjdk-6	source	squeeze	6b18-1.8.10-0+squeeze2		DSA-2356-1
openjdk-6	source	(unstable)	6b23~pre11-1
openjdk-7	source	(unstable)	7~b147-2.0-1
polarssl	source	(unstable)	(unfixed)	unimportant
pound	source	squeeze	2.6-1+deb6u1		DLA-400-1
pound	source	(unstable)	2.6-2
python2.6	source	(unstable)	2.6.8-0.1			684511
python2.7	source	(unstable)	2.7.3~rc1-1
python3.1	source	(unstable)	(unfixed)			678998
python3.2	source	(unstable)	3.2.3~rc1-1
sun-java6	source	(unstable)	(unfixed)			645881
tlslite	source	(unstable)	(unfixed)

Notes

[lenny] - sun-java6 <no-dsa> (Non-free not supported)
[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
- iceweasel <not-affected> (Vulnerable code not present)
http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/
strictly speaking this is no lighttpd issue, but lighttpd adds a workaround
http://curl.haxx.se/docs/adv_20120124B.html
[squeeze] - python2.6 <no-dsa> (Minor issue)
[squeeze] - python3.1 <no-dsa> (Minor issue)
http://bugs.python.org/issue13885
python3.1 is fixed starting 3.1.5
No mitigation for gnutls, it is recommended to use TLS 1.1 or 1.2 which is supported since 2.0.0
No mitigation for haskell-tls, it is recommended to use TLS 1.1, which is supported since 0.2
[squeeze] - matrixssl <no-dsa> (Minor issue)
[wheezy] - matrixssl <no-dsa> (Minor issue)
matrixssl fix this upstream in 3.2.2
[squeeze] - bouncycastle <no-dsa> (Minor issue)
[wheezy] - bouncycastle <no-dsa> (Minor issue)
No mitigation for bouncycastle, it is recommended to use TLS 1.1, which is supported since 1.4.9
https://bugzilla.mozilla.org/show_bug.cgi?id=665814
https://hg.mozilla.org/projects/nss/rev/7f7446fcc7ab
No mitigation for polarssl, it is recommended to use TLS 1.1, which is supported in all releases
[wheezy] - tlslite <no-dsa> (Minor issue)
Pound 2.6-2 added an anti_beast.patch to mitigate BEAST attacks.
[squeeze] - erlang <no-dsa> (Minor issue)
[wheezy] - asterisk <no-dsa> (Minor issue)
[squeeze] - asterisk <end-of-life> (Not supported in Squeeze LTS)
http://downloads.digium.com/pub/security/AST-2016-001.html
https://issues.asterisk.org/jira/browse/ASTERISK-24972
patch for 11 (jessie): https://code.asterisk.org/code/changelog/asterisk?cs=f233bcd81d85626ce5bdd27b05bc95d131faf3e4
all versions vulnerable, backport required for wheezy