| Summary: | <net-libs/polarssl-1.2.5: TLS CBC padding timing attack (CVE-2013-1621) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | tommy |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=907589 | | |
| Whiteboard: | B3 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2013-02-05 09:30:25 UTC
ebuild for version 1.2.5 added to main tree

(In reply to comment #1)
> ebuild for version 1.2.5 added to main tree

Thanks, Thomas. Arches, please test and mark stable.

amd64 stable

x86 stable

hppa stable

arm stable

ppc stable

ppc64 stable

sparc stable

CVE-2013-1621 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1621):
Array index error in the SSL module in PolarSSL before 1.2.5 might allow remote attackers to cause a denial of service via vectors involving a crafted padding-length value during validation of CBC padding in a TLS session, a different vulnerability than CVE-2013-0169.

GLSA vote: yes.

GLSA vote: yes
Added to existing GLSA request.

This issue was resolved and addressed in GLSA 201310-10 at http://security.gentoo.org/glsa/glsa-201310-10.xml by GLSA coordinator Sergey Popov (pinkbyte).