CVE-2013-2566

Priority
Low
Description
The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many
single-byte biases, which makes it easier for remote attackers to conduct
plaintext-recovery attacks via statistical analysis of ciphertext in a
large number of sessions that use the same plaintext.
Notes
jdstrand> this is a protocol problem not specific to openssl. Using openssl
as a placeholder until more information is available
jdstrand> marking low for now until more information is available. At present,
naive attacks need tens to hundreds of millions of TLS connections. Optimized
attacks are not present yet.
jdstrand> marking deferred since there is no consensus on what to do (we can't
just disable RC4)
mdeslaur> marking as ignored since there is no actionable item
Package
Upstream: released (24.1.1)
Ubuntu 10.04 LTS (Lucid Lynx): ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin): released (1:24.1.1+build1-0ubuntu0.12.04.1)
Ubuntu 12.10 (Quantal Quetzal): released (1:24.1.1+build1-0ubuntu0.12.10.1)
Ubuntu 13.10 (Saucy Salamander): released (1:24.1.1+build1-0ubuntu0.13.10.1)
Ubuntu 14.04 LTS (Trusty Tahr): released (1:24.1.1+build1-0ubuntu0.13.10.1)
Package
Upstream: released (25.0.1)
Ubuntu 10.04 LTS (Lucid Lynx): ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin): released (25.0.1+build1-0ubuntu0.12.04.1)
Ubuntu 12.10 (Quantal Quetzal): released (25.0.1+build1-0ubuntu0.12.10.1)
Ubuntu 13.10 (Saucy Salamander): released (25.0.1+build1-0ubuntu0.13.10.1)
Ubuntu 14.04 LTS (Trusty Tahr): not-affected (26.0~b6+build1-0ubuntu1)
Package
Upstream: needs-triage
Ubuntu 10.04 LTS (Lucid Lynx): ignored
Ubuntu 12.04 LTS (Precise Pangolin): ignored
Ubuntu 12.10 (Quantal Quetzal): ignored
Ubuntu 13.10 (Saucy Salamander): ignored
Ubuntu 14.04 LTS (Trusty Tahr): ignored
Updated: 2014-03-21 19:14:35 UTC (commit 7867)