CVE-2013-0169

NameCVE-2013-0169
DescriptionThe TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-2621-1, DSA-2622-1
Debian Bugs699885, 699887, 699888, 699889

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
bouncycastle (PTS)jessie, jessie (lts)1.49+dfsg-3+deb8u3fixed
stretch (security)1.56-1+deb9u3fixed
stretch (lts), stretch1.56-1+deb9u4fixed
buster (security), buster, buster (lts)1.60-1+deb10u1fixed
bullseye1.68-2fixed
bookworm1.72-2fixed
sid, trixie1.77-1fixed
gnutls28 (PTS)jessie, jessie (lts)3.3.30-0+deb8u2fixed
stretch (security)3.5.8-5+deb9u6fixed
stretch (lts), stretch3.5.8-5+deb9u7fixed
buster (security), buster, buster (lts)3.6.7-4+deb10u12fixed
bullseye3.7.1-5+deb11u5fixed
bullseye (security)3.7.1-5+deb11u6fixed
bookworm3.7.9-2+deb12u3fixed
sid, trixie3.8.8-2fixed
nss (PTS)jessie, jessie (lts)2:3.26-1+debu8u19fixed
stretch (security)2:3.26.2-1.1+deb9u5fixed
stretch (lts), stretch2:3.26.2-1.1+deb9u8fixed
buster, buster (lts)2:3.42.1-1+deb10u9fixed
buster (security)2:3.42.1-1+deb10u8fixed
bullseye2:3.61-1+deb11u3fixed
bullseye (security)2:3.61-1+deb11u4fixed
bookworm2:3.87.1-1fixed
bookworm (security)2:3.87.1-1+deb12u1fixed
sid, trixie2:3.106-1fixed
openjdk-7 (PTS)jessie, jessie (lts)7u321-2.6.28-0+deb8u1fixed
openssl (PTS)jessie, jessie (lts)1.0.1t-1+deb8u22fixed
stretch (security)1.1.0l-1~deb9u6fixed
stretch (lts), stretch1.1.0l-1~deb9u10fixed
buster, buster (lts)1.1.1n-0+deb10u7fixed
buster (security)1.1.1n-0+deb10u6fixed
bullseye1.1.1w-0+deb11u1fixed
bullseye (security)1.1.1w-0+deb11u2fixed
bookworm3.0.15-1~deb12u1fixed
bookworm (security)3.0.14-1~deb12u2fixed
sid, trixie3.3.2-2fixed
polarssl (PTS)jessie, jessie (lts)1.3.9-2.1+deb8u4fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
bouncycastlesource(unstable)1.48+dfsg-2low699885
cyasslsource(unstable)2.9.4+dfsg-1
gnutls26source(unstable)2.12.20-4
gnutls28source(unstable)3.0.22-3
matrixsslsource(unstable)(unfixed)low
nsssource(unstable)2:3.14.3-1699888
openjdk-6source(unstable)6b27-1.12.3-1
openjdk-7source(unstable)7u3-2.1.6-1
opensslsourcesqueeze0.9.8o-4squeeze14DSA-2621-1
opensslsource(unstable)1.0.1e-1699889
polarsslsourcesqueeze0.12.1-1squeeze1DSA-2622-1
polarsslsource(unstable)1.1.4-2699887
tlslitesource(unstable)(unfixed)

Notes

[wheezy] - bouncycastle <no-dsa> (Minor issue)
[squeeze] - bouncycastle <no-dsa> (Minor issue)
[squeeze] - nss <no-dsa> (Minor issue)
[squeeze] - gnutls26 <no-dsa> (Too intrusive to backport)
[squeeze] - matrixssl <no-dsa> (Minor issue)
[wheezy] - matrixssl <no-dsa> (Minor issue)
matrixssl fixed this upstream in 3.4.1
[wheezy] - tlslite <no-dsa> (Minor issue)
http://www.isg.rhul.ac.uk/tls/TLStiming.pdf

Search for package or bug name: Reporting problems