CVE-2011-3389

Name	CVE-2011-3389
Description	The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DLA-154-1, DLA-400-1, DSA-2356-1, DSA-2358-1, DSA-2368-1, DSA-2398-1
Debian Bugs	645881, 678998, 684511

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
asterisk (PTS)	jessie, jessie (lts)	1:11.13.1~dfsg-2+deb8u8	fixed
	stretch (security)	1:13.14.1~dfsg-2+deb9u6	fixed
	stretch (lts), stretch	1:13.14.1~dfsg-2+deb9u9	fixed
	buster	1:16.2.1~dfsg-1+deb10u2	fixed
	buster (security)	1:16.28.0~dfsg-0+deb10u4	fixed
	bullseye	1:16.28.0~dfsg-0+deb11u3	fixed
	bullseye (security)	1:16.28.0~dfsg-0+deb11u4	fixed
	sid	1:20.6.0~dfsg+~cs6.13.40431414-2	fixed
bouncycastle (PTS)	jessie, jessie (lts)	1.49+dfsg-3+deb8u3	fixed
	stretch (security)	1.56-1+deb9u3	fixed
	stretch (lts), stretch	1.56-1+deb9u4	fixed
	buster	1.60-1	fixed
	buster (security)	1.60-1+deb10u1	fixed
	bullseye	1.68-2	fixed
	bookworm	1.72-2	fixed
	sid, trixie	1.77-1	fixed
chromium-browser (PTS)	jessie, jessie (lts)	57.0.2987.98-1~deb8u1	fixed
	stretch (security), stretch (lts), stretch	71.0.3578.80-1~deb9u1	fixed
curl (PTS)	jessie, jessie (lts)	7.38.0-4+deb8u27	fixed
	stretch (security)	7.52.1-5+deb9u16	fixed
	stretch (lts), stretch	7.52.1-5+deb9u21	fixed
	buster	7.64.0-4+deb10u2	fixed
	buster (security)	7.64.0-4+deb10u9	fixed
	bullseye (security), bullseye	7.74.0-1.3+deb11u11	fixed
	bookworm (security), bookworm	7.88.1-10+deb12u5	fixed
	sid, trixie	8.7.1-3	fixed
erlang (PTS)	jessie, jessie (lts)	1:17.3-dfsg-4+deb8u2	fixed
	stretch (security)	1:19.2.1+dfsg-2+deb9u1	fixed
	stretch (lts), stretch	1:19.2.1+dfsg-2+really23.3.4.18-0+deb9u2	fixed
	buster	1:21.2.6+dfsg-1	fixed
	buster (security)	1:22.2.7+dfsg-1+deb10u1	fixed
	bullseye	1:23.2.6+dfsg-1+deb11u1	fixed
	bookworm	1:25.2.3+dfsg-1	fixed
	trixie	1:25.3.2.8+dfsg-1	fixed
	sid	1:25.3.2.11+dfsg-1	fixed
gnutls28 (PTS)	jessie, jessie (lts)	3.3.30-0+deb8u2	vulnerable
	stretch (security), stretch (lts), stretch	3.5.8-5+deb9u6	vulnerable
	buster	3.6.7-4+deb10u8	vulnerable
	buster (security)	3.6.7-4+deb10u12	vulnerable
	bullseye	3.7.1-5+deb11u4	vulnerable
	bullseye (security)	3.7.1-5+deb11u3	vulnerable
	bookworm	3.7.9-2+deb12u2	vulnerable
	sid, trixie	3.8.5-2	vulnerable
haskell-tls (PTS)	jessie	1.2.9-2	vulnerable
	stretch	1.3.8-3	vulnerable
	buster	1.4.1-3	vulnerable
	bullseye	1.5.4-1	vulnerable
	bookworm	1.5.8-1	vulnerable
	sid, trixie	1.6.0-1	vulnerable
lighttpd (PTS)	jessie, jessie (lts)	1.4.35-4+deb8u1	fixed
	stretch (security), stretch (lts), stretch	1.4.45-1+deb9u1	fixed
	buster	1.4.53-4+deb10u2	fixed
	buster (security)	1.4.53-4+deb10u3	fixed
	bullseye (security), bullseye	1.4.59-1+deb11u2	fixed
	bookworm	1.4.69-1	fixed
	trixie	1.4.74-1	fixed
	sid	1.4.74-2	fixed
nss (PTS)	jessie, jessie (lts)	2:3.26-1+debu8u18	fixed
	stretch (security)	2:3.26.2-1.1+deb9u5	fixed
	stretch (lts), stretch	2:3.26.2-1.1+deb9u7	fixed
	buster	2:3.42.1-1+deb10u5	fixed
	buster (security)	2:3.42.1-1+deb10u8	fixed
	bullseye (security), bullseye	2:3.61-1+deb11u3	fixed
	bookworm	2:3.87.1-1	fixed
	sid, trixie	2:3.99-1	fixed
openjdk-7 (PTS)	jessie, jessie (lts)	7u321-2.6.28-0+deb8u1	fixed
polarssl (PTS)	jessie, jessie (lts)	1.3.9-2.1+deb8u4	vulnerable
pound (PTS)	jessie, jessie (lts)	2.6-6+deb8u3	fixed
	stretch	2.7-1.3+deb9u1	fixed
	bullseye	3.0-2	fixed
python2.7 (PTS)	jessie, jessie (lts)	2.7.9-2-ds1-1+deb8u12	fixed
	stretch (security)	2.7.13-2+deb9u6	fixed
	stretch (lts), stretch	2.7.13-2+deb9u9	fixed
	buster	2.7.16-2+deb10u1	fixed
	buster (security)	2.7.16-2+deb10u4	fixed
	bullseye	2.7.18-8+deb11u1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
asterisk	source	squeeze	(unfixed)	end-of-life
asterisk	source	jessie	1:11.13.1~dfsg-2+deb8u1
asterisk	source	(unstable)	1:13.7.2~dfsg-1
bouncycastle	source	(unstable)	1.49+dfsg-1
chromium-browser	source	squeeze	(unfixed)	end-of-life
chromium-browser	source	(unstable)	15.0.874.106~r107270-1
curl	source	lenny	7.18.2-8lenny6		DSA-2398-1
curl	source	squeeze	7.21.0-2.1+squeeze1		DSA-2398-1
curl	source	(unstable)	7.24.0-1
cyassl	source	(unstable)	(unfixed)
erlang	source	(unstable)	1:15.b-dfsg-1
gnutls26	source	(unstable)	(unfixed)	unimportant
gnutls28	source	(unstable)	(unfixed)	unimportant
haskell-tls	source	(unstable)	(unfixed)	unimportant
iceweasel	source	(unstable)	(not affected)
lighttpd	source	lenny	1.4.19-5+lenny3		DSA-2368-1
lighttpd	source	squeeze	1.4.28-2+squeeze1		DSA-2368-1
lighttpd	source	(unstable)	1.4.30-1
matrixssl	source	(unstable)	(unfixed)	low
nss	source	squeeze	3.12.8-1+squeeze11		DLA-154-1
nss	source	(unstable)	3.13.1.with.ckbi.1.88-1
openjdk-6	source	lenny	6b18-1.8.10-0~lenny2		DSA-2358-1
openjdk-6	source	squeeze	6b18-1.8.10-0+squeeze2		DSA-2356-1
openjdk-6	source	(unstable)	6b23~pre11-1
openjdk-7	source	(unstable)	7~b147-2.0-1
polarssl	source	(unstable)	(unfixed)	unimportant
pound	source	squeeze	2.6-1+deb6u1		DLA-400-1
pound	source	(unstable)	2.6-2
python2.6	source	(unstable)	2.6.8-0.1			684511
python2.7	source	(unstable)	2.7.3~rc1-1
python3.1	source	(unstable)	(unfixed)			678998
python3.2	source	(unstable)	3.2.3~rc1-1
sun-java6	source	(unstable)	(unfixed)			645881
tlslite	source	(unstable)	(unfixed)

Notes

[lenny] - sun-java6 <no-dsa> (Non-free not supported)
[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/
strictly speaking this is no lighttpd issue, but lighttpd adds a workaround
http://curl.haxx.se/docs/adv_20120124B.html
[squeeze] - python2.6 <no-dsa> (Minor issue)
[squeeze] - python3.1 <no-dsa> (Minor issue)
http://bugs.python.org/issue13885
python3.1 is fixed starting 3.1.5
No mitigation for gnutls, it is recommended to use TLS 1.1 or 1.2 which is supported since 2.0.0
No mitigation for haskell-tls, it is recommended to use TLS 1.1, which is supported since 0.2
[squeeze] - matrixssl <no-dsa> (Minor issue)
[wheezy] - matrixssl <no-dsa> (Minor issue)
matrixssl fix this upstream in 3.2.2
[squeeze] - bouncycastle <no-dsa> (Minor issue)
[wheezy] - bouncycastle <no-dsa> (Minor issue)
No mitigation for bouncycastle, it is recommended to use TLS 1.1, which is supported since 1.4.9
https://bugzilla.mozilla.org/show_bug.cgi?id=665814
https://hg.mozilla.org/projects/nss/rev/7f7446fcc7ab
No mitigation for polarssl, it is recommended to use TLS 1.1, which is supported in all releases
[wheezy] - tlslite <no-dsa> (Minor issue)
Pound 2.6-2 added an anti_beast.patch to mitigate BEAST attacks.
[squeeze] - erlang <no-dsa> (Minor issue)
[wheezy] - asterisk <no-dsa> (Minor issue)
[squeeze] - asterisk <end-of-life> (Not supported in Squeeze LTS)
http://downloads.digium.com/pub/security/AST-2016-001.html
https://issues.asterisk.org/jira/browse/ASTERISK-24972
patch for 11 (jessie): https://code.asterisk.org/code/changelog/asterisk?cs=f233bcd81d85626ce5bdd27b05bc95d131faf3e4
all versions vulnerable, backport required for wheezy