thank You, folks. this is a lot 2 wrap my mind around 4 a few days. On 2/13/13, Thijs Kinkhorst <[email protected]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > - ------------------------------------------------------------------------- > Debian Security Advisory DSA-2622-1 [email protected] > http://www.debian.org/security/ Thijs Kinkhorst > February 13, 2013 http://www.debian.org/security/faq > - ------------------------------------------------------------------------- > > Package : polarssl > Vulnerability : several > Problem type : remote > Debian-specific: no > CVE ID : CVE-2013-0169 CVE-2013-1621 CVE-2013-1622 > Debian Bug : 699887 > > Multiple vulnerabilities have been found in OpenSSL. The Common > Vulnerabilities and Exposures project identifies the following issues: > > CVE-2013-0169 > > A timing side channel attack has been found in CBC padding > allowing an attacker to recover pieces of plaintext via statistical > analysis of crafted packages, known as the "Lucky Thirteen" issue. > > CVE-2013-1621 > > An array index error might allow remote attackers to cause a denial > of service via vectors involving a crafted padding-length value > during validation of CBC padding in a TLS session > > CVE-2013-1622 > > Malformed CBC data in a TLS session could allow remote attackers to > conduct distinguishing attacks via statistical analysis of timing > side-channel data for crafted packets. > > For the stable distribution (squeeze), these problems have been fixed in > version 0.12.1-1squeeze1. > > For the testing distribution (wheezy), and the unstable distribution > (sid), these problems have been fixed in version 1.1.4-2. > > We recommend that you upgrade your polarssl packages. > > Further information about Debian Security Advisories, how to apply > these updates to your system and frequently asked questions can be > found at: http://www.debian.org/security/ > > Mailing list: [email protected] > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.12 (GNU/Linux) > > iQEcBAEBAgAGBQJRG/SIAAoJEFb2GnlAHawEgJ0IAJyDs83nzbQjJwiiqPwlTRo1 > FsWTbc4t+sEnCs5bQyNzpeG4teMVPYfSffMp/6Y1+KooPrKJZFFg2NJmb2SXguKd > vF5PQv5QynYkikRJZQhPm3ad3kH0lchngvr7jykezWq+T7uOhZ5eF7IciXZSpiYY > ealFp00XB/ZMzoWHrGTi7q8coI+YN2Iwx+U5KVmj5PLfksVMSpIRo5S9jrk0OB/U > 3xr9ys/yVifZhUDlPder/vOEogwBFnlfWdUriPKi0/1bhF+4smkviaqeXbDdjthN > b3SbYWGqbyGODAx9TOV42hIg1QI87z4Ew0sGPGJihjSR3i2Rg5tEVsusnJu8eHE= > =ItPV > -----END PGP SIGNATURE----- > > > -- > To UNSUBSCRIBE, email to [email protected] > with a subject of "unsubscribe". Trouble? Contact > [email protected] > Archive: http://lists.debian.org/[email protected] > >
-- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/ca+lfa71kdscnrp-s2jgftosdwqwmqjdybwkjnvb1zbhqhuh...@mail.gmail.com
