| Summary: | polarssl new security issue CVE-2013-4623 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | davidwhodgins, oe, sysadmin-bugs, tmb |
| Version: | 3 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | i586 | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/567930/ | ||
| Whiteboard: | MGA3-64-OK MGA3-32-OK | ||
| Source RPM: | polarssl-1.2.5-1.mga3.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2013-09-23 19:26:06 CEST
David Walser
2013-09-23 19:26:15 CEST
Whiteboard:
(none) =>
MGA3TOO Whoops. There's more security fixes here... https://polarssl.org/tech-updates/releases/polarssl-1.2.6-released CVE-2013-0169 - TLS and DTLS protocol issue (Lucky Thirteen) CVE-2013-1621 - Out-of-bounds comparisons 1.2.8 has been submitted to cauldron. 1.2.8 has been submitted to mga3. Thanks Oden! Advisory to come. Packages built: -------------- polarssl-1.2.8-1.mga3 libpolarssl2-1.2.8-1.mga3 libpolarssl-devel-1.2.8-1.mga3 from polarssl-1.2.8-1.mga3.src.rpm CC:
(none) =>
oe Oden, FYI the CVE entry for CVE-2013-1621 says it affects versions before 1.2.5. It could be wrong, as the CVE entries are sometimes. Advisory: ======================== Updated polarssl packages fix security vulnerability: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in PolarSSL before 1.2.6, does not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext- recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue (CVE-2013-0169). Array index error in the SSL module in PolarSSL before 1.2.6 might allow remote attackers to cause a denial of service via vectors involving a crafted padding-length value during validation of CBC padding in a TLS session (CVE-2013-1621). A third party can set up a SSL/TLS handshake with a server and send a malformed Certificate handshake message that results in an infinite loop for that connection. With a Man-in-the-Middle attack on a client, a third party can trigger the same infinite loop on a client (CVE-2013-4623). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1621 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4623 https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-01 https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-03 https://polarssl.org/tech-updates/releases/polarssl-1.2.6-released https://polarssl.org/tech-updates/releases/polarssl-1.2.7-released https://polarssl.org/tech-updates/releases/polarssl-1.2.8-released https://lists.fedoraproject.org/pipermail/package-announce/2013-September/115922.html ======================== Updated packages in core/updates_testing: ======================== polarssl-1.2.8-1.mga3 libpolarssl2-1.2.8-1.mga3 libpolarssl-devel-1.2.8-1.mga3 from polarssl-1.2.8-1.mga3.src.rpm Advisory 11275.adv committed to svn. CC:
(none) =>
davidwhodgins No poc, so just testing using polarssl-selftest. Testing complete on Mageia 3 i586 and x86_64. Someone from the sysadmin team please push 11275.adv to updates. Keywords:
(none) =>
validated_update Update pushed: http://advisories.mageia.org/MGASA-2013-0290.html Status:
NEW =>
RESOLVED |