TLS timing attack in polarssl (Lucky 13)

Debian Bug report logs - #699887
TLS timing attack in polarssl (Lucky 13)

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Thijs Kinkhorst <thijs@debian.org>

To: submit@bugs.debian.org

Subject: TLS timing attack in polarssl (Lucky 13)

Date: Wed, 6 Feb 2013 11:49:30 +0100

[Message part 1 (text/plain, inline)]

Package: polarssl
Severity: serious
Tags: security

Hi,

Nadhem Alfardan and Kenny Paterson have discovered a weakness in the handling
of CBC ciphersuites in SSL, TLS and DTLS. Their attack exploits timing
differences arising during MAC processing. Details of this attack can be
found at: http://www.isg.rhul.ac.uk/tls/

The problems are addressed in PolarSSL 1.2.5:
https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released

The generic protocol issue has been assigned CVE name CVE-2013-0169. The 
specific fix in PolarSSL is known as CVE-2013-1621 and CVE-2013-1622. Please 
mention these identifiers in the changelog.

Can you see to it that this issue is addressed in unstable and testing? And 
are you available to create an update for stable-security?


Cheers,
Thijs

[signature.asc (application/pgp-signature, inline)]

Message #10 received at 699887@bugs.debian.org (full text, mbox, reply):

From: Roland Stigge <stigge@antcom.de>

To: Thijs Kinkhorst <thijs@debian.org>, 699887@bugs.debian.org

Subject: Re: Bug#699887: TLS timing attack in polarssl (Lucky 13)

Date: Wed, 06 Feb 2013 12:48:09 +0100

Hi,

On 02/06/2013 11:49 AM, Thijs Kinkhorst wrote:
> Package: polarssl Severity: serious Tags: security
> 
> Hi,
> 
> Nadhem Alfardan and Kenny Paterson have discovered a weakness in
> the handling of CBC ciphersuites in SSL, TLS and DTLS. Their attack
> exploits timing differences arising during MAC processing. Details
> of this attack can be found at: http://www.isg.rhul.ac.uk/tls/
> 
> The problems are addressed in PolarSSL 1.2.5: 
> https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released
> 
> The generic protocol issue has been assigned CVE name
> CVE-2013-0169. The specific fix in PolarSSL is known as
> CVE-2013-1621 and CVE-2013-1622. Please mention these identifiers
> in the changelog.
> 
> Can you see to it that this issue is addressed in unstable and
> testing? And are you available to create an update for
> stable-security?

Thanks for the report!

I will be able to upload fixes tonight.

Roland

Message #15 received at 699887-close@bugs.debian.org (full text, mbox, reply):

From: Roland Stigge <stigge@antcom.de>

To: 699887-close@bugs.debian.org

Subject: Bug#699887: fixed in polarssl 1.2.5-1

Date: Wed, 06 Feb 2013 20:47:46 +0000

Source: polarssl
Source-Version: 1.2.5-1

We believe that the bug you reported is fixed in the latest version of
polarssl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 699887@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Roland Stigge <stigge@antcom.de> (supplier of updated polarssl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 06 Feb 2013 21:13:35 +0100
Source: polarssl
Binary: libpolarssl-dev libpolarssl-runtime libpolarssl0
Architecture: source amd64
Version: 1.2.5-1
Distribution: experimental
Urgency: low
Maintainer: Roland Stigge <stigge@antcom.de>
Changed-By: Roland Stigge <stigge@antcom.de>
Description: 
 libpolarssl-dev - lightweight crypto and SSL/TLS library
 libpolarssl-runtime - lightweight crypto and SSL/TLS library
 libpolarssl0 - lightweight crypto and SSL/TLS library
Closes: 699887
Changes: 
 polarssl (1.2.5-1) experimental; urgency=low
 .
   * New upstream release (Closes: #699887)
   * Fixes CVE-2013-0169: Lucky 13 TLS protocol timing flaw
     (Including CVE-2013-1621 and CVE-2013-1622)
Checksums-Sha1: 
 9f78ea10a409e24172a9994b48ff2a96d153626b 1168 polarssl_1.2.5-1.dsc
 84a703feaeb00cb5fba74a4aa7168e79128bbb19 980299 polarssl_1.2.5.orig.tar.gz
 691db0473550ab4c19647f108b0d32b8cf1e82fc 4623 polarssl_1.2.5-1.debian.tar.gz
 bcf795a4dfc9ebaff921bf689a77ef03681f7b36 260672 libpolarssl-dev_1.2.5-1_amd64.deb
 8eae07203ac92aaf3952733f743608f6dba162be 2504580 libpolarssl-runtime_1.2.5-1_amd64.deb
 776f7dbe104363cf659b32cd20111da6700cec96 176186 libpolarssl0_1.2.5-1_amd64.deb
Checksums-Sha256: 
 ff471030814f5623f361e57b3746cdd261c1e2590495b9529832789c47b99493 1168 polarssl_1.2.5-1.dsc
 ee596851684faef5af124902a27abec0461b2311eee1aa9620d732f9ea4d124a 980299 polarssl_1.2.5.orig.tar.gz
 41d65fe137a4d9832f85fa5a538430974ce5e34702aa519c9ef3a8a0f65ed2bf 4623 polarssl_1.2.5-1.debian.tar.gz
 840671b8dcf70cc99fdd2e69873211ec3a20a765ab2d599a82cdc4bd024736e1 260672 libpolarssl-dev_1.2.5-1_amd64.deb
 7be8270e0d0eaab69bbbe1046c2e470f0112ad60452ffc2ac0de68062a3d0f34 2504580 libpolarssl-runtime_1.2.5-1_amd64.deb
 12bb5c8d6f79532768107b5ac536bd56fd7802d6531da91ce0199b5f17da292e 176186 libpolarssl0_1.2.5-1_amd64.deb
Files: 
 00374f7a876898c2489403c6c775c5ec 1168 libs optional polarssl_1.2.5-1.dsc
 f42dd79cd85384ac9ad482caa665ac8f 980299 libs optional polarssl_1.2.5.orig.tar.gz
 46d5b4c733993e7365e202f3538472a6 4623 libs optional polarssl_1.2.5-1.debian.tar.gz
 3c89d7b0b857088e8b3a05fd91304458 260672 libdevel optional libpolarssl-dev_1.2.5-1_amd64.deb
 b6520d98316674c5ad9f930ad564da9b 2504580 libdevel optional libpolarssl-runtime_1.2.5-1_amd64.deb
 d043c57efdfe7e5603bb4f0fea83b576 176186 libs optional libpolarssl0_1.2.5-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFREr0pcaH/YBv43g8RAmr/AJ9Skt8Y2RgjiG4V0OXWrHAq6AlFQQCfTfmC
AeIf/xxa+O5fgadSVE6SqgA=
=FuZ8
-----END PGP SIGNATURE-----

Message #20 received at 699887@bugs.debian.org (full text, mbox, reply):

From: Roland Stigge <stigge@antcom.de>

To: Thijs Kinkhorst <thijs@debian.org>, 699887@bugs.debian.org, Debian Security Team <team@security.debian.org>

Subject: Re: Bug#699887: TLS timing attack in polarssl (Lucky 13)

Date: Wed, 06 Feb 2013 22:57:30 +0100

[Message part 1 (text/plain, inline)]

Hi,

On 06/02/13 11:49, Thijs Kinkhorst wrote:
> Can you see to it that this issue is addressed in unstable and testing? And 
> are you available to create an update for stable-security?

I'm attaching (3.0 (quilt) formatted) patches, backported from upstreams
changes between 1.2.4 to 1.2.5, for the versions in testing(=unstable)
and stable(-security), respectively.

Can you please review/comment?

I can upload this to unstable and stable-security(security-master?).

Thanks in advance,

Roland

[polarssl-1.1.4-1.patch (text/x-patch, attachment)]

[polarssl-0.12.1-1.patch (text/x-patch, attachment)]

Message #25 received at 699887-close@bugs.debian.org (full text, mbox, reply):

From: Roland Stigge <stigge@antcom.de>

To: 699887-close@bugs.debian.org

Subject: Bug#699887: fixed in polarssl 1.1.4-2

Date: Thu, 07 Feb 2013 21:32:47 +0000

Source: polarssl
Source-Version: 1.1.4-2

We believe that the bug you reported is fixed in the latest version of
polarssl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 699887@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Roland Stigge <stigge@antcom.de> (supplier of updated polarssl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 07 Feb 2013 22:08:26 +0100
Source: polarssl
Binary: libpolarssl-dev libpolarssl-runtime libpolarssl0
Architecture: source amd64
Version: 1.1.4-2
Distribution: unstable
Urgency: high
Maintainer: Roland Stigge <stigge@antcom.de>
Changed-By: Roland Stigge <stigge@antcom.de>
Description: 
 libpolarssl-dev - lightweight crypto and SSL/TLS library
 libpolarssl-runtime - lightweight crypto and SSL/TLS library
 libpolarssl0 - lightweight crypto and SSL/TLS library
Closes: 699887
Changes: 
 polarssl (1.1.4-2) unstable; urgency=high
 .
   * Security fix for CVE-2013-0169: Lucky 13 TLS protocol timing flaw
     including CVE-2013-1621 and CVE-2013-1622, backported from upstream
     diff from 1.2.4 to 1.2.5. (Closes: #699887)
Checksums-Sha1: 
 0ceeecc6928708ddf74bb44265bad12924689879 1174 polarssl_1.1.4-2.dsc
 4c25d337b584bcb26ad418b43079ce70128e1f94 5849 polarssl_1.1.4-2.debian.tar.gz
 0aa5b67d60a2918f7355ee7eab616aad74a4006a 206866 libpolarssl-dev_1.1.4-2_amd64.deb
 aaeaa2f91c185bebc1dfb0e834ec7664a9488ac1 1944546 libpolarssl-runtime_1.1.4-2_amd64.deb
 eb9de163c3dc7a8e93225db1115e5f89ea251691 142912 libpolarssl0_1.1.4-2_amd64.deb
Checksums-Sha256: 
 36e70fcdeb68c86c7260c2a71dcb7f0a2eaa03fb7053967b5515bcf940dd2959 1174 polarssl_1.1.4-2.dsc
 bd1de8901201e1b26a6306ddb17616652bc80f5e47b4adc3d3cba63b80bc5733 5849 polarssl_1.1.4-2.debian.tar.gz
 97ff477e462545a51671849c4eb85f9953a529aea3ce50522d4c2865e724dbcb 206866 libpolarssl-dev_1.1.4-2_amd64.deb
 00f9071ab31f1e39c2b99866f167c5e94e659a613c64cf87b8c2ab88e6786bd0 1944546 libpolarssl-runtime_1.1.4-2_amd64.deb
 95595fee55cfcb52eb32af0fbe0a9823e202b946c7b1bef2993cf6bb75d97f38 142912 libpolarssl0_1.1.4-2_amd64.deb
Files: 
 f79178372844636920a7d9a92e50e580 1174 libs optional polarssl_1.1.4-2.dsc
 22871443cc0256937a8de1fcecf1d130 5849 libs optional polarssl_1.1.4-2.debian.tar.gz
 59327ef471269ff056b9cd0603229979 206866 libdevel optional libpolarssl-dev_1.1.4-2_amd64.deb
 eed5ee8d290e0dd37596c14c5727bb5a 1944546 libdevel optional libpolarssl-runtime_1.1.4-2_amd64.deb
 4cf74101610259a5380747441493459d 142912 libs optional libpolarssl0_1.1.4-2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFRFBpOcaH/YBv43g8RAry0AJ0Qf9+Ko5/L+Nei6Ufo5kq5LZK99wCgvJD0
UZn6nIxM2EfKc1qM3VGjLY8=
=ISr+
-----END PGP SIGNATURE-----

Message #30 received at 699887@bugs.debian.org (full text, mbox, reply):

From: Roland Stigge <stigge@antcom.de>

To: debian-release@lists.debian.org, 699887@bugs.debian.org

Subject: Unblock request for polarssl 1.1.4-2

Date: Thu, 07 Feb 2013 22:53:51 +0100

Hi,

polarssl 1.1.4-2 just hit unstable. Fixes security bug #699887,
CVE-2013-0169, so please unblock.

Thanks!

(Will contact the security team separately for the respective security
update for the version in stable.)

Roland

Message #35 received at 699887@bugs.debian.org (full text, mbox, reply):

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

To: Roland Stigge <stigge@antcom.de>

Cc: debian-release@lists.debian.org, 699887@bugs.debian.org

Subject: Re: Unblock request for polarssl 1.1.4-2

Date: Thu, 07 Feb 2013 21:59:29 +0000

On Thu, 2013-02-07 at 22:53 +0100, Roland Stigge wrote:
> polarssl 1.1.4-2 just hit unstable. Fixes security bug #699887,
> CVE-2013-0169, so please unblock.

Unblocked; thanks.

Please consider filing a usertagged unblock tag (e.g. via reportbug) in
future. They're much easier for us to keep track of.

Regards,

Adam

Message #40 received at 699887@bugs.debian.org (full text, mbox, reply):

From: Roland Stigge <stigge@antcom.de>

To: Debian Security Team <team@security.debian.org>, 699887@bugs.debian.org

Subject: Security fix for #699887, CVE-2013-0169

Date: Thu, 07 Feb 2013 22:58:44 +0100

[Message part 1 (text/plain, inline)]

Hi,

I prepared a security upload for stable (attached debdiff). Should I
upload it to stable-security(security-master)?

Thanks,

Roland

[patch (text/plain, attachment)]

Message #45 received at 699887@bugs.debian.org (full text, mbox, reply):

From: Giuseppe Iuculano <giuseppe@iuculano.it>

To: Roland Stigge <stigge@antcom.de>

Cc: Debian Security Team <team@security.debian.org>, 699887@bugs.debian.org

Subject: Re: Security fix for #699887, CVE-2013-0169

Date: Sun, 10 Feb 2013 12:33:05 +0100

[Message part 1 (text/plain, inline)]

Hi Roland,

On 07/02/2013 22:58, Roland Stigge wrote:
> I prepared a security upload for stable (attached debdiff). Should I
> upload it to stable-security(security-master)?

Thanks for contacting us.
please upload to security-master (please make sure to include the
.orig.tar.gz in the upload, -sa switch), I will take care of this.


Cheers,
Giuseppe.

[signature.asc (application/pgp-signature, attachment)]

Message #50 received at 699887@bugs.debian.org (full text, mbox, reply):

From: Roland Stigge <stigge@antcom.de>

To: Giuseppe Iuculano <giuseppe@iuculano.it>, 699887@bugs.debian.org

Cc: Debian Security Team <team@security.debian.org>

Subject: Re: Bug#699887: Security fix for #699887, CVE-2013-0169

Date: Sun, 10 Feb 2013 13:55:25 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

On 10/02/13 12:33, Giuseppe Iuculano wrote:
> On 07/02/2013 22:58, Roland Stigge wrote:
>> I prepared a security upload for stable (attached debdiff).
>> Should I upload it to stable-security(security-master)?
> 
> Thanks for contacting us. please upload to security-master (please
> make sure to include the .orig.tar.gz in the upload, -sa switch), I
> will take care of this.

OK, uploaded. Please tell if there's anything missing.

Thanks,

Roland
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iD8DBQFRF5i8caH/YBv43g8RA6MeAJ9cpyqHj9bU4t+tfnvOzxNfuSaZaACePEUP
zfLu6PhwTuYv7kTVIG5dkjY=
=ffsE
-----END PGP SIGNATURE-----

Message #55 received at 699887-close@bugs.debian.org (full text, mbox, reply):

From: Roland Stigge <stigge@antcom.de>

To: 699887-close@bugs.debian.org

Subject: Bug#699887: fixed in polarssl 0.12.1-1squeeze1

Date: Fri, 15 Feb 2013 12:17:11 +0000

Source: polarssl
Source-Version: 0.12.1-1squeeze1

We believe that the bug you reported is fixed in the latest version of
polarssl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 699887@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Roland Stigge <stigge@antcom.de> (supplier of updated polarssl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 07 Feb 2013 22:17:00 +0100
Source: polarssl
Binary: libpolarssl-dev
Architecture: source amd64
Version: 0.12.1-1squeeze1
Distribution: stable-security
Urgency: low
Maintainer: Roland Stigge <stigge@antcom.de>
Changed-By: Roland Stigge <stigge@antcom.de>
Description: 
 libpolarssl-dev - lightweight crypto and SSL/TLS library
Closes: 699887
Changes: 
 polarssl (0.12.1-1squeeze1) stable-security; urgency=low
 .
   * Security fix for CVE-2013-0169: Lucky 13 TLS protocol timing flaw
     including CVE-2013-1621 and CVE-2013-1622, backported from upstream
     diff from 1.2.4 to 1.2.5. (Closes: #699887)
Checksums-Sha1: 
 4d591f82c8e25734d847e007d2b83deec994e175 1030 polarssl_0.12.1-1squeeze1.dsc
 31a85ae0b1365de5575e4f7b3c982bd14de0870b 335160 polarssl_0.12.1.orig.tar.gz
 12a187070bef9528f086c84532d8ba3cf231226b 4362 polarssl_0.12.1-1squeeze1.diff.gz
 4bb595e33d583c07c61b81c48b5883967a228c36 260808 libpolarssl-dev_0.12.1-1squeeze1_amd64.deb
Checksums-Sha256: 
 4d20b29acb053ae452fdf6d8b3ee776419ec88b2ac1e6c23205350c0f9fdba2f 1030 polarssl_0.12.1-1squeeze1.dsc
 4bd79758b22e04b653e3e825847e3c72b4aab51685fa2acdb6fe00431c8bb8f3 335160 polarssl_0.12.1.orig.tar.gz
 d5e31f1d7b3b4fa6251f626be8f1aaff5fc4e7f22f6c441b4c02278f4887cf4a 4362 polarssl_0.12.1-1squeeze1.diff.gz
 c69bf1b7d79e70ac9b02ce227a8adca78da52039afc6ad65635c34d3f553ecd4 260808 libpolarssl-dev_0.12.1-1squeeze1_amd64.deb
Files: 
 1ecbad3f05b475c9bf4e301508c4600f 1030 libs optional polarssl_0.12.1-1squeeze1.dsc
 08bc85a19bbe65493076b9968b421e80 335160 libs optional polarssl_0.12.1.orig.tar.gz
 30eff016a99d2d9407558833c2ced7b6 4362 libs optional polarssl_0.12.1-1squeeze1.diff.gz
 fa31f8ebfd87669c1f7b38f91d89e7ec 260808 libdevel optional libpolarssl-dev_0.12.1-1squeeze1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFRF5dBcaH/YBv43g8RAlE8AJ9AVA8kEFpos75/ciukbHyU5Q47kACg6C4d
l6DafxdwNDmVc5shZnPlAJ0=
=rfPd
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.