CVE-2013-1623
Published: 8 February 2013
The TLS and DTLS implementations in wolfSSL CyaSSL before 2.5.0 do not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
Notes
| Author | Note |
|---|---|
| jdstrand | no updates from upstream at this time |
| seth-arnold | not mentioned in April CPU, but the code fixed in the Debian bug report is present, looks fixed |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
mysql-5.1 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Does not exist
|
|
| oneiric |
Released
(5.1.69-0ubuntu0.11.10.1)
|
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| raring |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
mysql-5.5 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| precise |
Released
(5.5.31-0ubuntu0.12.04.1)
|
|
| quantal |
Released
(5.5.31-0ubuntu0.12.10.1)
|
|
| raring |
Released
(5.5.31-0ubuntu0.13.04.1)
|
|
| upstream |
Needs triage
|
|
|
mysql-dfsg-5.1 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Released
(5.1.69-0ubuntu0.10.04.1)
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| raring |
Does not exist
|
|
| upstream |
Needs triage
|