CVE-2013-0169

NameCVE-2013-0169
DescriptionThe TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
SourceCVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
ReferencesDSA-2621-1, DSA-2622-1
NVD severitylow (attack range: remote)
Debian Bugs699885, 699887, 699888, 699889
Debian/oldstablepackages bouncycastle, gnutls26, matrixssl, nss, openjdk-6 are vulnerable.
Debian/stablepackages bouncycastle, haskell-tls, matrixssl, tlslite are vulnerable.
Debian/testingpackage haskell-tls is vulnerable.
Debian/unstablepackage haskell-tls is vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
bouncycastle (PTS)squeeze1.44+dfsg-2vulnerable
wheezy1.44+dfsg-3.1vulnerable
jessie, sid1.49+dfsg-3fixed
cyassl (PTS)sid2.9.4+dfsg-3fixed
gnutls26 (PTS)squeeze (security), squeeze2.8.6-1+squeeze3vulnerable
squeeze (lts)2.8.6-1+squeeze5vulnerable
wheezy2.12.20-8+deb7u2fixed
wheezy (security)2.12.20-8+deb7u3fixed
gnutls28 (PTS)jessie, sid3.3.8-6fixed
haskell-tls (PTS)wheezy0.9.5-1vulnerable
jessie, sid1.2.9-2vulnerable
matrixssl (PTS)wheezy, squeeze1.8.8-1vulnerable
nss (PTS)squeeze (security), squeeze3.12.8-1+squeeze7vulnerable
squeeze (lts)3.12.8-1+squeeze11vulnerable
wheezy2:3.14.5-1+deb7u3fixed
wheezy (security)2:3.14.5-1+deb7u4fixed
jessie, sid2:3.17.2-1.1fixed
openjdk-6 (PTS)squeeze6b18-1.8.13-0+squeeze2vulnerable
squeeze (security)6b31-1.13.3-1~deb6u1fixed
squeeze (lts)6b34-1.13.6-1~deb6u1fixed
wheezy6b27-1.12.5-1fixed
wheezy (security)6b34-1.13.6-1~deb7u1fixed
sid6b34-1.13.6-1fixed
openjdk-7 (PTS)wheezy7u3-2.1.7-1fixed
wheezy (security)7u75-2.5.4-1~deb7u1fixed
jessie7u75-2.5.4-2fixed
sid7u75-2.5.4-3fixed
openssl (PTS)squeeze (security), squeeze0.9.8o-4squeeze14fixed
squeeze (lts)0.9.8o-4squeeze20fixed
wheezy1.0.1e-2+deb7u13fixed
wheezy (security)1.0.1e-2+deb7u16fixed
jessie, sid1.0.1k-3fixed
polarssl (PTS)squeeze (security), squeeze1.2.9-1~deb6u1fixed
squeeze (lts)1.2.9-1~deb6u4fixed
wheezy1.2.9-1~deb7u4fixed
wheezy (security)1.2.9-1~deb7u5fixed
jessie, sid1.3.9-2.1fixed
tlslite (PTS)wheezy0.3.8-2vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
bouncycastlesource(unstable)1.48+dfsg-2low699885
cyasslsource(unstable)2.9.4+dfsg-1low
gnutls26source(unstable)2.12.20-4low
gnutls28source(unstable)3.0.22-3low
haskell-tlssource(unstable)(unfixed)low
matrixsslsource(unstable)(unfixed)low
nsssource(unstable)2:3.14.3-1low699888
openjdk-6source(unstable)6b27-1.12.3-1low
openjdk-7source(unstable)7u3-2.1.6-1low
opensslsource(unstable)1.0.1e-1low699889
opensslsourcesqueeze0.9.8o-4squeeze14lowDSA-2621-1
polarsslsource(unstable)1.1.4-2low699887
polarsslsourcesqueeze0.12.1-1squeeze1lowDSA-2622-1
tlslitesource(unstable)(unfixed)low

Notes

[wheezy] - bouncycastle <no-dsa> (Minor issue)
[squeeze] - bouncycastle <no-dsa> (Minor issue)
[squeeze] - nss <no-dsa> (Minor issue)
[squeeze] - gnutls26 <no-dsa> (Too intrusive to backport)
[wheezy] - haskell-tls <no-dsa> (Minor issue)
[jessie] - haskell-tls <no-dsa> (Minor issue)
[squeeze] - matrixssl <no-dsa> (Minor issue)
[wheezy] - matrixssl <no-dsa> (Minor issue)
matrixssl fixed this upstream in 3.4.1
[wheezy] - tlslite <no-dsa> (Minor issue)
http://www.isg.rhul.ac.uk/tls/TLStiming.pdf

Search for package or bug name: Reporting problems