LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Kernel prepatch 3.9-rc6

LWN.net Weekly Edition for April 4, 2013

LWN.net Weekly Edition for March 28, 2013

A kernel change breaks GlusterFS

PyCon: Evangelizing Python

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

openssl: multiple vulnerabilities

Package(s):openssl CVE #(s):CVE-2013-0166 CVE-2013-0169
Created:February 8, 2013 Updated:April 8, 2013
Description: From the OpenSSL advisory:

SSL, TLS and DTLS Plaintext Recovery Attack (CVE-2013-0169)

Nadhem Alfardan and Kenny Paterson have discovered a weakness in the handling of CBC ciphersuites in SSL, TLS and DTLS. Their attack exploits timing differences arising during MAC processing. Details of this attack can be found at: http://www.isg.rhul.ac.uk/tls/

TLS 1.1 and 1.2 AES-NI crash (CVE-2012-2686)

A flaw in the OpenSSL handling of CBC ciphersuites in TLS 1.1 and TLS 1.2 on AES-NI supporting platforms can be exploited in a DoS attack.

Alerts:
Mageia MGASA-2013-0041 2013-02-08
Slackware SSA:2013-040-01 2013-02-09
Slackware SSA:2013-042-01 2013-02-11
Debian DSA-2621-1 2013-02-13
Debian DSA-2622-1 2013-02-13
Red Hat RHSA-2013:0273-01 2013-02-20
Red Hat RHSA-2013:0274-01 2013-02-20
Red Hat RHSA-2013:0275-01 2013-02-20
Red Hat RHSA-2013:0531-01 2013-02-20
Red Hat RHSA-2013:0532-01 2013-02-20
Scientific Linux SL-java-20130220 2013-02-20
Scientific Linux SL-java-20130220 2013-02-20
Scientific Linux SL-java-20130220 2013-02-20
CentOS CESA-2013:0273 2013-02-20
CentOS CESA-2013:0274 2013-02-20
CentOS CESA-2013:0275 2013-02-20
CentOS CESA-2013:0275 2013-02-20
Oracle ELSA-2013-0273 2013-02-20
Oracle ELSA-2013-0275 2013-02-20
Oracle ELSA-2013-0275 2013-02-21
Ubuntu USN-1732-1 2013-02-21
Fedora FEDORA-2013-2764 2013-02-21
Fedora FEDORA-2013-2813 2013-02-21
Mageia MGASA-2013-0062 2013-02-21
Oracle ELSA-2013-0274 2013-02-21
Ubuntu USN-1735-1 2013-02-21
Mandriva MDVSA-2013:014 2013-02-22
SUSE SUSE-SU-2013:0328-1 2013-02-22
openSUSE openSUSE-SU-2013:0337-1 2013-02-25
openSUSE openSUSE-SU-2013:0336-1 2013-02-25
openSUSE openSUSE-SU-2013:0339-1 2013-02-25
Scientific Linux SL-java-20130227 2013-02-27
openSUSE openSUSE-SU-2013:0375-1 2013-03-01
openSUSE openSUSE-SU-2013:0378-1 2013-03-01
Mageia MGASA-2013-0084 2013-03-03
Fedora FEDORA-2013-2834 2013-03-02
Red Hat RHSA-2013:0587-01 2013-03-04
Scientific Linux SL-open-20130304 2013-03-04
CentOS CESA-2013:0587 2013-03-05
Oracle ELSA-2013-0587 2013-03-04
Oracle ELSA-2013-0587 2013-03-05
Ubuntu USN-1732-2 2013-02-28
Mandriva MDVSA-2013:018 2013-03-06
Fedora FEDORA-2013-2793 2013-03-08
Mandriva MDVSA-2013:019 2013-03-07
CentOS CESA-2013:0587 2013-03-09
Ubuntu USN-1732-3 2013-03-25
Fedora FEDORA-2013-4403 2013-04-03
Mandriva MDVSA-2013:050 2013-04-05
Mandriva MDVSA-2013:052 2013-04-05
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds