ALT-BU-2014-3098-1
Branch t6 update bulletin.
Closed vulnerabilities
BDU:2015-09677
Vulnerabilities in the Gentoo Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and availability of protected information
BDU:2015-09702
Vulnerabilities in the Gentoo Linux operating system that allow a remote attacker to compromise the availability of protected information
Modified: 2018-01-05
CVE-2012-2333
Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.
- http://cvs.openssl.org/chngview?cn=22547
- http://cvs.openssl.org/chngview?cn=22538
- http://www.cert.fi/en/reports/2012/vulnerability641549.html
- https://bugzilla.redhat.com/show_bug.cgi?id=820686
- http://www.openssl.org/news/secadv_20120510.txt
- 53476
- 49116
- DSA-2475
- FEDORA-2012-7939
- 49324
- 49208
- 1027057
- RHSA-2012:1306
- RHSA-2012:1307
- RHSA-2012:1308
- SSRT100930
- 50768
- APPLE-SA-2013-06-04-1
- http://support.apple.com/kb/HT5784
- 51312
- FEDORA-2012-18035
- VU#737740
- SSRT101108
- openssl-tls-record-dos(75525)
- MDVSA-2012:073
- RHSA-2012:0699
- SUSE-SU-2012:0679
- SUSE-SU-2012:0678
Modified: 2024-11-21
CVE-2013-0166
OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.
- http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=62e4506a7d4cec1c8e1ff687f6b220f6a62a57c7
- http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=66e8211c0b1347970096e04b18aa52567c325200
- http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=ebc71865f0506a293242bd4aec97cdc7a8ef24b0
- APPLE-SA-2013-09-12-1
- SUSE-SU-2015:0578
- openSUSE-SU-2016:0640
- HPSBUX02856
- SSRT101104
- HPSBOV02852
- SSRT101108
- HPSBUX02909
- SSRT101289
- RHSA-2013:0587
- RHSA-2013:0782
- RHSA-2013:0783
- RHSA-2013:0833
- 53623
- 55108
- 55139
- http://support.apple.com/kb/HT5880
- DSA-2621
- VU#737740
- http://www.openssl.org/news/secadv_20130204.txt
- http://www.splunk.com/view/SP-CAAAHXG
- https://bugzilla.redhat.com/show_bug.cgi?id=908052
- oval:org.mitre.oval:def:18754
- oval:org.mitre.oval:def:19081
- oval:org.mitre.oval:def:19360
- oval:org.mitre.oval:def:19487
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03883001
Modified: 2024-11-21
CVE-2013-0169
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
- http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/
- APPLE-SA-2013-09-12-1
- FEDORA-2013-4403
- SUSE-SU-2013:0328
- openSUSE-SU-2013:0375
- openSUSE-SU-2013:0378
- SUSE-SU-2013:0701
- SUSE-SU-2014:0320
- SUSE-SU-2015:0578
- openSUSE-SU-2016:0640
- HPSBUX02856
- SSRT101104
- HPSBOV02852
- SSRT101108
- HPSBUX02857
- SSRT101103
- HPSBMU02874
- SSRT101184
- HPSBUX02909
- SSRT101289
- [oss-security] 20130205 Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations
- RHSA-2013:0587
- RHSA-2013:0782
- RHSA-2013:0783
- RHSA-2013:0833
- RHSA-2013:1455
- RHSA-2013:1456
- 53623
- 55108
- 55139
- 55322
- 55350
- 55351
- GLSA-201406-32
- http://support.apple.com/kb/HT5880
- DSA-2621
- DSA-2622
- http://www.isg.rhul.ac.uk/tls/TLStiming.pdf
- VU#737740
- MDVSA-2013:095
- http://www.matrixssl.org/news.html
- http://www.openssl.org/news/secadv_20130204.txt
- http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html
- 57778
- 1029190
- http://www.splunk.com/view/SP-CAAAHXG
- USN-1735-1
- TA13-051A
- http://www-01.ibm.com/support/docview.wss?uid=swg21644047
- https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf
- [debian-lts-announce] 20180925 [SECURITY] [DLA 1518-1] polarssl security update
- oval:org.mitre.oval:def:18841
- oval:org.mitre.oval:def:19016
- oval:org.mitre.oval:def:19424
- oval:org.mitre.oval:def:19540
- oval:org.mitre.oval:def:19608
- https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released
- https://puppet.com/security/cve/cve-2013-0169
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03883001
- https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084