Re: [SECURITY] [DSA 2622-1] polarssl security update

To: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 2622-1] polarssl security update
From: Daniel Thomas Hasbrouck <thoma348c64@gmail.com>
Date: Wed, 13 Feb 2013 13:54:19 -0800
Message-id: <[🔎] CA+Lfa71kDscNRp-S2jgftosDWqwMqJDyBwkJnvB1zBHQHuHQsA@mail.gmail.com>
In-reply-to: <20130213201701.BCE7859FCB@kinkhorst.com>
References: <20130213201701.BCE7859FCB@kinkhorst.com>

thank You, folks.  this is a lot 2 wrap my mind around 4 a few days.

On 2/13/13, Thijs Kinkhorst <thijs@debian.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - -------------------------------------------------------------------------
> Debian Security Advisory DSA-2622-1                   security@debian.org
> http://www.debian.org/security/                           Thijs Kinkhorst
> February 13, 2013                      http://www.debian.org/security/faq
> - -------------------------------------------------------------------------
>
> Package        : polarssl
> Vulnerability  : several
> Problem type   : remote
> Debian-specific: no
> CVE ID         : CVE-2013-0169 CVE-2013-1621 CVE-2013-1622
> Debian Bug     : 699887
>
> Multiple vulnerabilities have been found in OpenSSL. The Common
> Vulnerabilities and Exposures project identifies the following issues:
>
> CVE-2013-0169
>
>     A timing side channel attack has been found in CBC padding
>     allowing an attacker to recover pieces of plaintext via statistical
>     analysis of crafted packages, known as the "Lucky Thirteen" issue.
>
> CVE-2013-1621
>
>     An array index error might allow remote attackers to cause a denial
>     of service via vectors involving a crafted padding-length value
>     during validation of CBC padding in a TLS session
>
> CVE-2013-1622
>
>     Malformed CBC data in a TLS session could allow remote attackers to
>     conduct distinguishing attacks via statistical analysis of timing
>     side-channel data for crafted packets.
>
> For the stable distribution (squeeze), these problems have been fixed in
> version 0.12.1-1squeeze1.
>
> For the testing distribution (wheezy), and the  unstable distribution
> (sid), these problems have been fixed in version 1.1.4-2.
>
> We recommend that you upgrade your polarssl packages.
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: http://www.debian.org/security/
>
> Mailing list: debian-security-announce@lists.debian.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.12 (GNU/Linux)
>
> iQEcBAEBAgAGBQJRG/SIAAoJEFb2GnlAHawEgJ0IAJyDs83nzbQjJwiiqPwlTRo1
> FsWTbc4t+sEnCs5bQyNzpeG4teMVPYfSffMp/6Y1+KooPrKJZFFg2NJmb2SXguKd
> vF5PQv5QynYkikRJZQhPm3ad3kH0lchngvr7jykezWq+T7uOhZ5eF7IciXZSpiYY
> ealFp00XB/ZMzoWHrGTi7q8coI+YN2Iwx+U5KVmj5PLfksVMSpIRo5S9jrk0OB/U
> 3xr9ys/yVifZhUDlPder/vOEogwBFnlfWdUriPKi0/1bhF+4smkviaqeXbDdjthN
> b3SbYWGqbyGODAx9TOV42hIg1QI87z4Ew0sGPGJihjSR3i2Rg5tEVsusnJu8eHE=
> =ItPV
> -----END PGP SIGNATURE-----
>
>
> --
> To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
> Archive: http://lists.debian.org/20130213201701.BCE7859FCB@kinkhorst.com
>
>

Reply to:

Prev by Date: Re: [SECURITY] [DSA 2621-1] openssl security update
Next by Date: Re: dropbear delayed startup
Previous by thread: Re: [SECURITY] [DSA 2621-1] openssl security update
Next by thread: iptable mac address not showing in log
Index(es):
- Date
- Thread