CVE-2013-2566

Priority
Low
Description
The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many
single-byte biases, which makes it easier for remote attackers to conduct
plaintext-recovery attacks via statistical analysis of ciphertext in a
large number of sessions that use the same plaintext.
References
Notes
 jdstrand> this is a protocol problem not specific to openssl. Using openssl
  as a placeholder until more information is available
 jdstrand> marking low for now until more information is available. At present,
  naive attacks need tens to hundreds of millions of TLS connections. Optimized
  attacks are not present yet.
 jdstrand> marking deferred since there is no consensus on what to do (we can't
  just disable RC4)
 mdeslaur> marking as ignored since there is no actionable item
Package
Upstream:released (24.1.1)
Ubuntu 12.04 LTS (Precise Pangolin):released (1:24.1.1+build1-0ubuntu0.12.04.1)
Ubuntu 14.04 LTS (Trusty Tahr):released (1:24.1.1+build1-0ubuntu0.13.10.1)
Package
Upstream:released (25.0.1)
Ubuntu 12.04 LTS (Precise Pangolin):released (25.0.1+build1-0ubuntu0.12.04.1)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (26.0~b6+build1-0ubuntu1)
Package
Upstream:needs-triage
Ubuntu 12.04 LTS (Precise Pangolin):ignored
Ubuntu 14.04 LTS (Trusty Tahr):ignored
More Information

Valid XHTML 1.0 Strict

Updated: 2015-07-29 20:41:41 UTC (commit 9756)