CVE-2013-0169

NameCVE-2013-0169
DescriptionThe TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-2621-1, DSA-2622-1
Debian Bugs699885, 699887, 699888, 699889

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
bouncycastle (PTS)jessie, jessie (lts)1.49+dfsg-3+deb8u3fixed
stretch (security), stretch (lts), stretch1.56-1+deb9u3fixed
buster1.60-1fixed
bullseye1.68-2fixed
sid, bookworm1.71-1fixed
gnutls28 (PTS)jessie, jessie (lts)3.3.30-0+deb8u2fixed
stretch (security), stretch (lts), stretch3.5.8-5+deb9u6fixed
buster3.6.7-4+deb10u8fixed
buster (security)3.6.7-4+deb10u9fixed
bullseye (security), bullseye3.7.1-5+deb11u2fixed
sid, bookworm3.7.8-4fixed
nss (PTS)jessie, jessie (lts)2:3.26-1+debu8u16fixed
stretch (security), stretch (lts), stretch2:3.26.2-1.1+deb9u5fixed
buster, buster (security)2:3.42.1-1+deb10u5fixed
bullseye (security), bullseye2:3.61-1+deb11u2fixed
sid, bookworm2:3.85-1fixed
openjdk-7 (PTS)jessie, jessie (lts)7u321-2.6.28-0+deb8u1fixed
openssl (PTS)jessie, jessie (lts)1.0.1t-1+deb8u19fixed
stretch (security)1.1.0l-1~deb9u6fixed
stretch (lts), stretch1.1.0l-1~deb9u7fixed
buster, buster (security)1.1.1n-0+deb10u3fixed
bullseye (security), bullseye1.1.1n-0+deb11u3fixed
sid, bookworm3.0.7-1fixed
polarssl (PTS)jessie, jessie (lts)1.3.9-2.1+deb8u4fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
bouncycastlesource(unstable)1.48+dfsg-2low699885
cyasslsource(unstable)2.9.4+dfsg-1
gnutls26source(unstable)2.12.20-4
gnutls28source(unstable)3.0.22-3
matrixsslsource(unstable)(unfixed)low
nsssource(unstable)2:3.14.3-1699888
openjdk-6source(unstable)6b27-1.12.3-1
openjdk-7source(unstable)7u3-2.1.6-1
opensslsourcesqueeze0.9.8o-4squeeze14DSA-2621-1
opensslsource(unstable)1.0.1e-1699889
polarsslsourcesqueeze0.12.1-1squeeze1DSA-2622-1
polarsslsource(unstable)1.1.4-2699887
tlslitesource(unstable)(unfixed)

Notes

[wheezy] - bouncycastle <no-dsa> (Minor issue)
[squeeze] - bouncycastle <no-dsa> (Minor issue)
[squeeze] - nss <no-dsa> (Minor issue)
[squeeze] - gnutls26 <no-dsa> (Too intrusive to backport)
[squeeze] - matrixssl <no-dsa> (Minor issue)
[wheezy] - matrixssl <no-dsa> (Minor issue)
matrixssl fixed this upstream in 3.4.1
[wheezy] - tlslite <no-dsa> (Minor issue)
http://www.isg.rhul.ac.uk/tls/TLStiming.pdf
Search for package or bug name: Reporting problems