Name | CVE-2011-4108 |
Description | The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
References | DSA-2390-1 |
Debian Bugs | 645805 |
The table below lists information on source packages.
Source Package | Release | Version | Status |
---|---|---|---|
openssl (PTS) | bullseye | 1.1.1w-0+deb11u1 | fixed |
bullseye (security) | 1.1.1w-0+deb11u4 | fixed | |
bookworm | 3.0.17-1~deb12u2 | fixed | |
bookworm (security) | 3.0.17-1~deb12u3 | fixed | |
trixie | 3.5.1-1 | fixed | |
trixie (security) | 3.5.1-1+deb13u1 | fixed | |
forky, sid | 3.5.4-1 | fixed |
The information below is based on the following data on fixed versions.
Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
---|---|---|---|---|---|---|
openssl | source | lenny | 0.9.8g-15+lenny15 | DSA-2390-1 | ||
openssl | source | squeeze | 0.9.8o-4squeeze5 | DSA-2390-1 | ||
openssl | source | (unstable) | 1.0.0f-1 | low | 645805 |
http://rt.openssl.org/Ticket/Display.html?id=2625&user=guest&pass=guest