CVE-2013-1619

Priority
Description
The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and
3.1.x before 3.1.7 does not properly consider timing side-channel attacks
on a noncompliant MAC check operation during the processing of malformed
CBC padding, which allows remote attackers to conduct distinguishing
attacks and plaintext-recovery attacks via statistical analysis of timing
data for crafted packets, a related issue to CVE-2013-0169.
Assigned-to
mdeslaur
Notes
jdstrandLP: #1166634 is reported as a regression
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (2.12.20-4)
Ubuntu 12.04 ESM (Precise Pangolin):released (2.12.14-5ubuntu3.2)
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (2.12.23-1ubuntu1)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Patches:
Upstream:https://gitorious.org/gnutls/gnutls/commit/458c67cf98740e7b12404f6c30e0d5317d56fd30
Upstream:https://gitorious.org/gnutls/gnutls/commit/93b7fcfa3297a9123630704668b2946f602b910e
Upstream:https://gitorious.org/gnutls/gnutls/commit/7b65049a81ea02a92fef934318a680afd55e98d2 (backporting)
Package
Upstream:released (3.0.22-3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [3.2.11-2ubuntu1])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (3.2.11-2ubuntu1)
Patches:
Upstream:https://gitorious.org/gnutls/gnutls/commit/8dc2822966f64dd9cf7dde9c7aacd80d49d3ffe5
More Information

Updated: 2020-09-10 02:33:58 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)