Multiple vulnerabilities have been found in PolarSSL. The Common
Vulnerabilities and Exposures project identifies the following issues:
CVE-2013-0169
A timing side channel attack has been found in CBC padding
allowing an attacker to recover pieces of plaintext via statistical
analysis of crafted packages, known as the Lucky Thirteen is ...
Multiple vulnerabilities have been found in OpenSSL. The Common
Vulnerabilities and Exposures project identifies the following issues:
CVE-2013-0166
OpenSSL does not properly perform signature verification for OCSP
responses, which allows remote attackers to cause a denial of
service via an invalid key.
CVE-2013-0169
A timing side ...
Several security issues were fixed in OpenSSL ...
Several security issues were fixed in OpenSSL ...
USN-1732-1 introduced a regression in OpenSSL ...
Several security issues were fixed in OpenJDK ...
Synopsis
Critical: java-1.6.0-ibm security update
Type/Severity
Security Advisory: Critical
Topic
Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical se ...
Synopsis
Important: java-1.7.0-openjdk security update
Type/Severity
Security Advisory: Important
Topic
Updated java-1.7.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important secur ...
Synopsis
Moderate: openssl security update
Type/Severity
Security Advisory: Moderate
Topic
Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulne ...
Synopsis
Important: rhev-hypervisor6 security and bug fix update
Type/Severity
Security Advisory: Important
Topic
An updated rhev-hypervisor6 package that fixes several security issues and various bugs is now available. The Red Hat Security Response Team has rated this update as having important security impac ...
Synopsis
Important: java-1.6.0-openjdk security update
Type/Severity
Security Advisory: Important
Topic
Updated java-1.6.0-openjdk packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact ...
Synopsis
Critical: java-1.6.0-openjdk security update
Type/Severity
Security Advisory: Critical
Topic
Updated java-1.6.0-openjdk packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. C ...
Synopsis
Critical: java-1.6.0-sun security update
Type/Severity
Security Advisory: Critical
Topic
Updated java-1.6.0-sun packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical secu ...
Synopsis
Critical: java-1.7.0-oracle security update
Type/Severity
Security Advisory: Critical
Topic
Updated java-1.7.0-oracle packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having crit ...
Synopsis
Low: Red Hat Network Satellite server IBM Java Runtime security update
Type/Severity
Security Advisory: Low
Topic
Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Network Satellite Server 5.5. The Red Hat Security Response Team has rated this update as ha ...
Synopsis
Low: Red Hat Network Satellite server IBM Java Runtime security update
Type/Severity
Security Advisory: Low
Topic
Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Network Satellite Server 5.4. The Red Hat Security Response Team has rated this update as ha ...
Synopsis
Moderate: OpenShift Container Platform 4.6.1 image security update
Type/Severity
Security Advisory: Moderate
Topic
An update is now available for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability S ...
Debian Bug report logs -
#699887
TLS timing attack in polarssl (Lucky 13)
Package:
polarssl;
Maintainer for polarssl is Roland Stigge <stigge@antcom.de>;
Reported by: Thijs Kinkhorst <thijs@debian.org>
Date: Wed, 6 Feb 2013 10:51:04 UTC
Severity: serious
Tags: security
Fixed in versions polarssl/1.2.5-1, polarssl/1 ...
Debian Bug report logs -
#699886
TLS timing attack in yaSSL (Lucky 13)
Package:
mysql-5.5;
Maintainer for mysql-5.5 is Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>;
Reported by: Thijs Kinkhorst <thijs@debian.org>
Date: Wed, 6 Feb 2013 10:51:01 UTC
Severity: serious
Tags: patch, pending, securit ...
Debian Bug report logs -
#699885
TLS timing attack in bouncycastle (Lucky 13)
Package:
bouncycastle;
Maintainer for bouncycastle is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>;
Reported by: Thijs Kinkhorst <thijs@debian.org>
Date: Wed, 6 Feb 2013 10:48:02 UTC
Severity: serious
Tags: securi ...
Debian Bug report logs -
#699889
several issues in Security Advisory 5 Feb 2013
Package:
openssl;
Maintainer for openssl is Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>; Source for openssl is src:openssl (PTS, buildd, popcon)
Reported by: Thijs Kinkhorst <thijs@debian.org>
Date: Wed, 6 Feb 2013 11 ...
Debian Bug report logs -
#699888
TLS timing attack in nss (Lucky 13)
Package:
nss;
Maintainer for nss is Maintainers of Mozilla-related packages <team+pkg-mozilla@tracker.debian.org>;
Reported by: Thijs Kinkhorst <thijs@debian.org>
Date: Wed, 6 Feb 2013 10:54:02 UTC
Severity: serious
Tags: security
Fixed in version ...
It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2013-0169)
A NULL pointer dereference ...
Multiple improper permission check issues were discovered in the JMX and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-1486, CVE-2013-1484)
An improper permission check issue was discovered in the Libraries component in OpenJDK. An untrusted Java applica ...
An improper permission check issue was discovered in the JMX component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2013-1486)
It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remot ...
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via ...