CVE-2013-0169 - The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSS

CVE-2013-0169

Summary

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. Per http://www.openssl.org/news/vulnerabilities.html: Fixed in OpenSSL 1.0.1d (Affected 1.0.1c, 1.0.1b, 1.0.1a, 1.0.1) Fixed in OpenSSL 1.0.0k (Affected 1.0.0j, 1.0.0i, 1.0.0g, 1.0.0f, 1.0.0e, 1.0.0d, 1.0.0c, 1.0.0b, 1.0.0a, 1.0.0) Fixed in OpenSSL 0.9.8y (Affected 0.9.8x, 0.9.8w, 0.9.8v, 0.9.8u, 0.9.8t, 0.9.8s, 0.9.8r, 0.9.8q, 0.9.8p, 0.9.8o, 0.9.8n, 0.9.8m, 0.9.8l, 0.9.8k, 0.9.8j, 0.9.8i, 0.9.8h, 0.9.8g, 0.9.8f, 0.9.8d, 0.9.8c, 0.9.8b, 0.9.8a, 0.9.8) Affected users should upgrade to OpenSSL 1.0.1e, 1.0.0k or 0.9.8y (The fix in 1.0.1d wasn't complete, so please use 1.0.1e or later)

References

Vulnerable Configurations

cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8:beta4:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8:beta4:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8:beta5:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8:beta5:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8:beta6:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8:beta6:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:0.10.0:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:0.10.0:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:0.10.1:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:0.10.1:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:0.11.0:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:0.11.0:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:0.11.1:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:0.11.1:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:0.12.0:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:0.12.0:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:0.12.1:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:0.12.1:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:0.13.1:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:0.13.1:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:0.14.0:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:0.14.0:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:0.14.2:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:0.14.2:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:0.14.3:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:0.14.3:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:0.99:pre1:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:0.99:pre1:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:0.99:pre3:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:0.99:pre3:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:0.99:pre4:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:0.99:pre4:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:0.99:pre5:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:0.99:pre5:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.1.0:rc0:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.1.0:rc0:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.1.4:*:*:*:*:*:*:*

CVSS

Base:	2.6 (as of 09-10-2019 - 23:06)
Impact:
Exploitability:

CWE

CWE-310

CAPEC

Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Access

Vector	Complexity	Authentication
NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:H/Au:N/C:P/I:N/A:N

oval via4

accepted

2015-04-20T04:00:46.294-04:00

class

vulnerability

contributors

name Ganesh Manal
organization Hewlett-Packard
name Sushant Kumar Singh
organization Hewlett-Packard
name Sushant Kumar Singh
organization Hewlett-Packard
name Prashant Kumar
organization Hewlett-Packard
name Mike Cokus
organization The MITRE Corporation

description

family

unix

oval:org.mitre.oval:def:18841

status

accepted

submitted

2013-11-22T11:43:28.000-05:00

title

HP-UX Running OpenSSL, Remote Denial of Service (DoS) and Unauthorized Disclosure

version

accepted

2015-05-04T04:00:13.938-04:00

class

vulnerability

contributors

name Sergey Artykhov
organization ALTX-SOFT
name Maria Mikhno
organization ALTX-SOFT

definition_extensions

comment	VisualSVN Server is installed
oval	oval:org.mitre.oval:def:18636

description

family

windows

oval:org.mitre.oval:def:19016

status

accepted

submitted

2013-10-02T13:00:00

title

OpenSSL vulnerability before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d in VisualSVN Server (CVE-2013-0169)

version

accepted

2015-04-20T04:01:16.047-04:00

class

vulnerability

contributors

name Ganesh Manal
organization Hewlett-Packard
name Sushant Kumar Singh
organization Hewlett-Packard
name Prashant Kumar
organization Hewlett-Packard
name Mike Cokus
organization The MITRE Corporation

description

family

unix

oval:org.mitre.oval:def:19424

status

accepted

submitted

2013-11-22T11:43:28.000-05:00

title

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities

version

accepted

2015-04-20T04:01:27.840-04:00

class

vulnerability

contributors

name Ganesh Manal
organization Hewlett-Packard
name Sushant Kumar Singh
organization Hewlett-Packard
name Sushant Kumar Singh
organization Hewlett-Packard
name Prashant Kumar
organization Hewlett-Packard
name Mike Cokus
organization The MITRE Corporation

description

family

unix

oval:org.mitre.oval:def:19540

status

accepted

submitted

2013-11-22T11:43:28.000-05:00

title

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities

version

accepted

2014-01-20T04:00:21.328-05:00

class

vulnerability

contributors

name Chandan M C
organization Hewlett-Packard
name Chandan M C
organization Hewlett-Packard

definition_extensions

comment IBM AIX 5.3 is installed
oval oval:org.mitre.oval:def:5325
comment IBM AIX 6.1 is installed
oval oval:org.mitre.oval:def:5267
comment IBM AIX 7.1 is installed
oval oval:org.mitre.oval:def:18828
comment IBM AIX 5.3 is installed
oval oval:org.mitre.oval:def:5325
comment IBM AIX 6.1 is installed
oval oval:org.mitre.oval:def:5267
comment IBM AIX 7.1 is installed
oval oval:org.mitre.oval:def:18828

description

family

unix

oval:org.mitre.oval:def:19608

status

accepted

submitted

2013-11-18T10:06:56.357-05:00

title

Multiple OpenSSL vulnerabilities

version

redhat via4

advisories

bugzilla

id	908052
title	CVE-2013-0166 openssl: DoS due to improper handling of OCSP response verification

oval

AND

comment Red Hat Enterprise Linux 5 is installed
oval oval:com.redhat.rhba:tst:20070331001

AND
comment openssl is earlier than 0:0.9.8e-26.el5_9.1
oval oval:com.redhat.rhsa:tst:20130587002
comment openssl is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070964003

AND

comment openssl-devel is earlier than 0:0.9.8e-26.el5_9.1
oval oval:com.redhat.rhsa:tst:20130587006
comment openssl-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070964005

AND

comment openssl-perl is earlier than 0:0.9.8e-26.el5_9.1
oval oval:com.redhat.rhsa:tst:20130587004
comment openssl-perl is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070964007

AND

comment Red Hat Enterprise Linux 6 Client is installed
oval oval:com.redhat.rhba:tst:20111656001
comment Red Hat Enterprise Linux 6 Server is installed
oval oval:com.redhat.rhba:tst:20111656002
comment Red Hat Enterprise Linux 6 Workstation is installed
oval oval:com.redhat.rhba:tst:20111656003
comment Red Hat Enterprise Linux 6 ComputeNode is installed
oval oval:com.redhat.rhba:tst:20111656004

AND
comment openssl is earlier than 0:1.0.0-27.el6_4.2
oval oval:com.redhat.rhsa:tst:20130587012
comment openssl is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100888006

AND

comment openssl-devel is earlier than 0:1.0.0-27.el6_4.2
oval oval:com.redhat.rhsa:tst:20130587018
comment openssl-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100888012

AND

comment openssl-perl is earlier than 0:1.0.0-27.el6_4.2
oval oval:com.redhat.rhsa:tst:20130587016
comment openssl-perl is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100888008

AND

comment openssl-static is earlier than 0:1.0.0-27.el6_4.2
oval oval:com.redhat.rhsa:tst:20130587014
comment openssl-static is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100888010

rhsa

id	RHSA-2013:0587
released	2013-03-04
severity	Moderate
title	RHSA-2013:0587: openssl security update (Moderate)

rhsa
id RHSA-2013:0782
rhsa
id RHSA-2013:0783
rhsa
id RHSA-2013:0833
rhsa
id RHSA-2013:1455
rhsa
id RHSA-2013:1456

rpms

java-1.6.0-openjdk-1:1.6.0.0-1.56.1.11.8.el6_3
java-1.6.0-openjdk-demo-1:1.6.0.0-1.56.1.11.8.el6_3
java-1.6.0-openjdk-devel-1:1.6.0.0-1.56.1.11.8.el6_3
java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.56.1.11.8.el6_3
java-1.6.0-openjdk-src-1:1.6.0.0-1.56.1.11.8.el6_3
java-1.6.0-openjdk-1:1.6.0.0-1.35.1.11.8.el5_9
java-1.6.0-openjdk-demo-1:1.6.0.0-1.35.1.11.8.el5_9
java-1.6.0-openjdk-devel-1:1.6.0.0-1.35.1.11.8.el5_9
java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.35.1.11.8.el5_9
java-1.6.0-openjdk-src-1:1.6.0.0-1.35.1.11.8.el5_9
java-1.7.0-openjdk-1:1.7.0.9-2.3.7.1.el6_3
java-1.7.0-openjdk-demo-1:1.7.0.9-2.3.7.1.el6_3
java-1.7.0-openjdk-devel-1:1.7.0.9-2.3.7.1.el6_3
java-1.7.0-openjdk-javadoc-1:1.7.0.9-2.3.7.1.el6_3
java-1.7.0-openjdk-src-1:1.7.0.9-2.3.7.1.el6_3
java-1.7.0-openjdk-1:1.7.0.9-2.3.7.1.el5_9
java-1.7.0-openjdk-demo-1:1.7.0.9-2.3.7.1.el5_9
java-1.7.0-openjdk-devel-1:1.7.0.9-2.3.7.1.el5_9
java-1.7.0-openjdk-javadoc-1:1.7.0.9-2.3.7.1.el5_9
java-1.7.0-openjdk-src-1:1.7.0.9-2.3.7.1.el5_9
openssl-0:0.9.8e-26.el5_9.1
openssl-devel-0:0.9.8e-26.el5_9.1
openssl-perl-0:0.9.8e-26.el5_9.1
openssl-0:1.0.0-27.el6_4.2
openssl-devel-0:1.0.0-27.el6_4.2
openssl-perl-0:1.0.0-27.el6_4.2
openssl-static-0:1.0.0-27.el6_4.2

refmap via4

apple	APPLE-SA-2013-09-12-1
bid	57778
cert	TA13-051A
cert-vn	VU#737740
confirm	http://support.apple.com/kb/HT5880 http://www-01.ibm.com/support/docview.wss?uid=swg21644047 http://www.matrixssl.org/news.html http://www.openssl.org/news/secadv_20130204.txt http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html http://www.splunk.com/view/SP-CAAAHXG https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released https://puppet.com/security/cve/cve-2013-0169 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03883001 https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084
debian	DSA-2621 DSA-2622
fedora	FEDORA-2013-4403
gentoo	GLSA-201406-32
hp	HPSBMU02874 HPSBOV02852 HPSBUX02856 HPSBUX02857 HPSBUX02909 SSRT101103 SSRT101104 SSRT101108 SSRT101184 SSRT101289
mandriva	MDVSA-2013:095
misc	http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/ http://www.isg.rhul.ac.uk/tls/TLStiming.pdf
mlist	[debian-lts-announce] 20180925 [SECURITY] [DLA 1518-1] polarssl security update [oss-security] 20130205 Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations
sectrack	1029190
secunia	53623 55108 55139 55322 55350 55351
suse	SUSE-SU-2013:0328 SUSE-SU-2013:0701 SUSE-SU-2014:0320 SUSE-SU-2015:0578 openSUSE-SU-2013:0375 openSUSE-SU-2013:0378 openSUSE-SU-2016:0640
ubuntu	USN-1735-1

Last major update

09-10-2019 - 23:06

Published

08-02-2013 - 19:55