The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.

#### Bugs

* <https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0169>
* <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699889>

#### Notes

| Author | Note |
|---|---|
| [jdstrand](https://launchpad.net/~jdstrand) | 1.0.1d has incorrect fix. Use 1.0.1e. |
| [mdeslaur](https://launchpad.net/~mdeslaur) | regression bug: http://rt.openssl.org/Ticket/Display.html?id=2975&user=guest&pass=guest 1.0.1e still contains another regression: http://rt.openssl.org/Ticket/Display.html?id=2984&user=guest&pass=guest OpenSSL fix reverted by 1732-2 because of regression (see: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1133333) (see: http://rt.openssl.org/Ticket/Display.html?id=3002) (see: bugs.debian.org/cgi-bin/bugreport.cgi?bug=701868) |

#### Affected Package

| OS | OS Version | Package Name | Package Version |
|---|---|---|---|
| ubuntu | 10.04 | openjdk-6 | 6b27-1.12.3-0ubuntu1~10.04 |
| ubuntu | 11.10 | openjdk-6 | 6b27-1.12.3-0ubuntu1~11.10 |
| ubuntu | 12.04 | openjdk-6 | 6b27-1.12.3-0ubuntu1~12.04 |
| ubuntu | 12.10 | openjdk-6 | 6b27-1.12.3-0ubuntu1~12.10 |
| ubuntu | 13.04 | openjdk-6 | 6b27-1.12.3-1ubuntu1 |
| ubuntu | 13.10 | openjdk-6 | 6b27-1.12.3-1ubuntu1 |
| ubuntu | 14.04 | openjdk-6 | 6b27-1.12.3-1ubuntu1 |
| ubuntu | upstream | openjdk-6 | 6b27-1.12.3 |
| ubuntu | 11.10 | openjdk-7 | 7u15-2.3.7-0ubuntu1~11.10 |
| ubuntu | 12.04 | openjdk-7 | 7u15-2.3.7-0ubuntu1~12.04 |
| ubuntu | 12.10 | openjdk-7 | 7u15-2.3.7-0ubuntu1~12.10 |
| ubuntu | 13.04 | openjdk-7 | 7u15-2.3.7-1ubuntu1 |
| ubuntu | 13.10 | openjdk-7 | 7u15-2.3.7-1ubuntu1 |
| ubuntu | 14.04 | openjdk-7 | 7u15-2.3.7-1ubuntu1 |
| ubuntu | 10.04 | openssl | 0.9.8k-7ubuntu8.14 |
| ubuntu | 11.10 | openssl | 1.0.0e-2ubuntu4.7 |
| ubuntu | 12.04 | openssl | 1.0.1-4ubuntu5.8 |
| ubuntu | 12.10 | openssl | 1.0.1c-3ubuntu2.3 |
| ubuntu | 13.04 | openssl | 1.0.1c-4ubuntu8 |
| ubuntu | 13.10 | openssl | 1.0.1c-4ubuntu8 |
| ubuntu | 14.04 | openssl | 1.0.1c-4ubuntu8 |
| ubuntu | upstream | openssl | 0.9.8y, 1.0.0k, 1.0.1e |
| ubuntu | 12.04 | openssl098 | 0.9.8o-7ubuntu3.2 |
| ubuntu | 13.10 | openssl098 | 0.9.8o-7ubuntu3. |
| ubuntu | 14.04 | openssl098 | 0.9.8o-7ubuntu3. |
| ubuntu | upstream | openssl098 | 0.9.8y |