CVE-2013-1623
Published: 8 February 2013
The TLS and DTLS implementations in wolfSSL CyaSSL before 2.5.0 do not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
Notes
Author | Note |
---|---|
jdstrand | no updates from upstream at this time |
seth-arnold | not mentioned in April CPU, but the code fixed in the Debian bug report is present, looks fixed |
Priority
Status
Package | Release | Status |
---|---|---|
mysql-5.1 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
oneiric |
Released
(5.1.69-0ubuntu0.11.10.1)
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
raring |
Does not exist
|
|
upstream |
Needs triage
|
|
mysql-5.5 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Released
(5.5.31-0ubuntu0.12.04.1)
|
|
quantal |
Released
(5.5.31-0ubuntu0.12.10.1)
|
|
raring |
Released
(5.5.31-0ubuntu0.13.04.1)
|
|
upstream |
Needs triage
|
|
mysql-dfsg-5.1 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Released
(5.1.69-0ubuntu0.10.04.1)
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
raring |
Does not exist
|
|
upstream |
Needs triage
|