Novell Home

CVE-2013-0169

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2013-0169 at MITRE

Description

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.

NVD CVSS v2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N)

Novell/SUSE information

Note from the SUSE Security Team

We are currently evaluating this problem and are reviewing and backporting fixes. Please note that an exploit for this requires physical proximity of an attacker to the server, which is usually unlikely.,We are currently evaluating this problem and are reviewing and backporting fixes. Please note that an exploit for this requires physical proximity of an attacker to the server, which is usually unlikely.

Novell Bugzilla entries: 802184, 802648, 802746, 803379, 804654, 809839, 813366, 813939, 821818, 905106

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise for SAP Applications 11 SP1
  • compat-openssl097g >= 0.9.7g-146.20.24.1
  • compat-openssl097g-32bit >= 0.9.7g-146.20.24.1
Builds
SAT Patch Nr: 10032
SUSE Linux Enterprise Software Development Kit 11 SP2
  • java-1_6_0-ibm >= 1.6.0_sr13.1-0.9.1
  • java-1_6_0-ibm-devel >= 1.6.0_sr13.1-0.9.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr13.1-0.9.1
Builds
SAT Patch Nr: 7627
SUSE Linux Enterprise Software Development Kit 11 SP2
  • java-1_6_0-ibm-devel >= 1.6.0_sr13.1-0.9.1
Builds
SAT Patch Nr: 7627
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
  • java-1_6_0-ibm >= 1.6.0_sr13.1-0.9.1
  • java-1_6_0-ibm-alsa >= 1.6.0_sr13.1-0.9.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr13.1-0.9.1
  • java-1_6_0-ibm-jdbc >= 1.6.0_sr13.1-0.9.1
  • java-1_6_0-ibm-plugin >= 1.6.0_sr13.1-0.9.1
Builds
SAT Patch Nr: 7627
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
  • java-1_6_0-ibm >= 1.6.0_sr13.1-0.9.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr13.1-0.9.1
  • java-1_6_0-ibm-jdbc >= 1.6.0_sr13.1-0.9.1
  • java-1_6_0-ibm-plugin >= 1.6.0_sr13.1-0.9.1
Builds
SAT Patch Nr: 7627
SUSE Linux Enterprise Server 11 SP2
  • java-1_6_0-ibm >= 1.6.0_sr13.1-0.9.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr13.1-0.9.1
  • java-1_6_0-ibm-jdbc >= 1.6.0_sr13.1-0.9.1
Builds
SAT Patch Nr: 7627
SUSE Linux Enterprise Server 10 SP3 LTSS for x86
  • gnutls >= 1.2.10-13.38.1
  • gnutls-devel >= 1.2.10-13.38.1
Builds
ZYPP Patch Nr: 8789
SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T
SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit
  • gnutls >= 1.2.10-13.38.1
  • gnutls-32bit >= 1.2.10-13.38.1
  • gnutls-devel >= 1.2.10-13.38.1
  • gnutls-devel-32bit >= 1.2.10-13.38.1
Builds
ZYPP Patch Nr: 8789
SUSE Linux Enterprise Desktop 10 SP4 for x86
  • openssl >= 0.9.8a-18.76.1
  • openssl-devel >= 0.9.8a-18.76.1
Builds
ZYPP Patch Nr: 8517
SUSE Linux Enterprise Desktop 10 SP4 for AMD64 and Intel EM64T
  • openssl >= 0.9.8a-18.76.1
  • openssl-32bit >= 0.9.8a-18.76.1
  • openssl-devel >= 0.9.8a-18.76.1
  • openssl-devel-32bit >= 0.9.8a-18.76.1
Builds
ZYPP Patch Nr: 8517
SLE SDK 10 SP4 for IBM iSeries and IBM pSeries
SLE SDK 10 SP4 for IBM zSeries
SLE SDK 10 SP4 for IPF
SLE SDK 10 SP4 for X86-64
SLE SDK 10 SP4 for x86
  • openssl-doc >= 0.9.8a-18.76.1
Builds
ZYPP Patch Nr: 8517
SUSE Linux Enterprise Server 10 SP4 for x86
  • openssl >= 0.9.8a-18.76.1
  • openssl-devel >= 0.9.8a-18.76.1
  • openssl-doc >= 0.9.8a-18.76.1
Builds
ZYPP Patch Nr: 8517
SUSE Linux Enterprise Server 10 SP4 for IPF
  • openssl >= 0.9.8a-18.76.1
  • openssl-devel >= 0.9.8a-18.76.1
  • openssl-doc >= 0.9.8a-18.76.1
  • openssl-x86 >= 0.9.8a-18.76.1
Builds
ZYPP Patch Nr: 8517
SUSE Linux Enterprise Server 10 SP4 for IBM POWER
  • openssl >= 0.9.8a-18.76.1
  • openssl-64bit >= 0.9.8a-18.76.1
  • openssl-devel >= 0.9.8a-18.76.1
  • openssl-devel-64bit >= 0.9.8a-18.76.1
  • openssl-doc >= 0.9.8a-18.76.1
Builds
ZYPP Patch Nr: 8517
SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T
SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit
  • openssl >= 0.9.8a-18.76.1
  • openssl-32bit >= 0.9.8a-18.76.1
  • openssl-devel >= 0.9.8a-18.76.1
  • openssl-devel-32bit >= 0.9.8a-18.76.1
  • openssl-doc >= 0.9.8a-18.76.1
Builds
ZYPP Patch Nr: 8517
SUSE Linux Enterprise Server 10 SP4 for x86
  • java-1_6_0-ibm >= 1.6.0_sr13.1-0.14.1
  • java-1_6_0-ibm-alsa >= 1.6.0_sr13.1-0.14.1
  • java-1_6_0-ibm-devel >= 1.6.0_sr13.1-0.14.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr13.1-0.14.1
  • java-1_6_0-ibm-jdbc >= 1.6.0_sr13.1-0.14.1
  • java-1_6_0-ibm-plugin >= 1.6.0_sr13.1-0.14.1
Builds
ZYPP Patch Nr: 8544
SUSE Linux Enterprise Server 10 SP4 for IBM POWER
  • java-1_6_0-ibm >= 1.6.0_sr13.1-0.14.1
  • java-1_6_0-ibm-64bit >= 1.6.0_sr13.1-0.14.1
  • java-1_6_0-ibm-devel >= 1.6.0_sr13.1-0.14.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr13.1-0.14.1
  • java-1_6_0-ibm-jdbc >= 1.6.0_sr13.1-0.14.1
  • java-1_6_0-ibm-plugin >= 1.6.0_sr13.1-0.14.1
Builds
ZYPP Patch Nr: 8544
SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit
  • java-1_6_0-ibm >= 1.6.0_sr13.1-0.14.1
  • java-1_6_0-ibm-32bit >= 1.6.0_sr13.1-0.14.1
  • java-1_6_0-ibm-devel >= 1.6.0_sr13.1-0.14.1
  • java-1_6_0-ibm-devel-32bit >= 1.6.0_sr13.1-0.14.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr13.1-0.14.1
  • java-1_6_0-ibm-jdbc >= 1.6.0_sr13.1-0.14.1
Builds
ZYPP Patch Nr: 8544
SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T
  • java-1_6_0-ibm >= 1.6.0_sr13.1-0.14.1
  • java-1_6_0-ibm-32bit >= 1.6.0_sr13.1-0.14.1
  • java-1_6_0-ibm-alsa-32bit >= 1.6.0_sr13.1-0.14.1
  • java-1_6_0-ibm-devel >= 1.6.0_sr13.1-0.14.1
  • java-1_6_0-ibm-devel-32bit >= 1.6.0_sr13.1-0.14.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr13.1-0.14.1
  • java-1_6_0-ibm-jdbc >= 1.6.0_sr13.1-0.14.1
  • java-1_6_0-ibm-plugin >= 1.6.0_sr13.1-0.14.1
  • java-1_6_0-ibm-plugin-32bit >= 1.6.0_sr13.1-0.14.1
Builds
ZYPP Patch Nr: 8544
SUSE Linux Enterprise Software Development Kit 11 SP2
  • libopenssl-devel >= 0.9.8j-0.50.1
Builds
SAT Patch Nr: 7548
SUSE Linux Enterprise Desktop 11 SP2
  • libopenssl0_9_8 >= 0.9.8j-0.50.1
  • openssl >= 0.9.8j-0.50.1
Builds
SAT Patch Nr: 7548
SUSE Linux Enterprise Desktop 11 SP2
  • libopenssl0_9_8 >= 0.9.8j-0.50.1
  • libopenssl0_9_8-32bit >= 0.9.8j-0.50.1
  • openssl >= 0.9.8j-0.50.1
Builds
SAT Patch Nr: 7548
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
  • libopenssl0_9_8 >= 0.9.8j-0.50.1
  • libopenssl0_9_8-hmac >= 0.9.8j-0.50.1
  • openssl >= 0.9.8j-0.50.1
  • openssl-doc >= 0.9.8j-0.50.1
Builds
SAT Patch Nr: 7548
SUSE Linux Enterprise Server 11 SP2 for VMware
  • libopenssl0_9_8 >= 0.9.8j-0.50.1
  • libopenssl0_9_8-32bit >= 0.9.8j-0.50.1
  • libopenssl0_9_8-hmac >= 0.9.8j-0.50.1
  • openssl >= 0.9.8j-0.50.1
  • openssl-doc >= 0.9.8j-0.50.1
Builds
SAT Patch Nr: 7548
SUSE Linux Enterprise Server 11 SP2
  • libopenssl0_9_8 >= 0.9.8j-0.50.1
  • libopenssl0_9_8-hmac >= 0.9.8j-0.50.1
  • libopenssl0_9_8-hmac-x86 >= 0.9.8j-0.50.1
  • libopenssl0_9_8-x86 >= 0.9.8j-0.50.1
  • openssl >= 0.9.8j-0.50.1
  • openssl-doc >= 0.9.8j-0.50.1
Builds
SAT Patch Nr: 7548
SUSE Linux Enterprise Server 11 SP2
  • libopenssl0_9_8 >= 0.9.8j-0.50.1
  • libopenssl0_9_8-32bit >= 0.9.8j-0.50.1
  • libopenssl0_9_8-hmac >= 0.9.8j-0.50.1
  • libopenssl0_9_8-hmac-32bit >= 0.9.8j-0.50.1
  • openssl >= 0.9.8j-0.50.1
  • openssl-doc >= 0.9.8j-0.50.1
Builds
SAT Patch Nr: 7548
SUSE Linux Enterprise Desktop 11 SP3
  • compat-openssl097g >= 0.9.7g-146.20.24.1
Builds
SAT Patch Nr: 10033
SUSE Linux Enterprise Desktop 11 SP3
  • compat-openssl097g >= 0.9.7g-146.20.24.1
  • compat-openssl097g-32bit >= 0.9.7g-146.20.24.1
Builds
SAT Patch Nr: 10033
SUSE CORE 9 for IBM S/390 31bit
SUSE CORE 9 for x86
  • openssl >= 0.9.7d-15.48
  • openssl-devel >= 0.9.7d-15.48
  • openssl-doc >= 0.9.7d-15.48
Builds
YOU Patch Nr: 12972
SUSE CORE 9 for IBM zSeries 64bit
  • openssl >= 0.9.7d-15.48
  • openssl-32bit >= 9-201308121642
  • openssl-devel >= 0.9.7d-15.48
  • openssl-devel-32bit >= 9-201308121642
  • openssl-doc >= 0.9.7d-15.48
Builds
YOU Patch Nr: 12972
SUSE CORE 9 for AMD64 and Intel EM64T
  • openssl >= 0.9.7d-15.48
  • openssl-32bit >= 9-201308121627
  • openssl-devel >= 0.9.7d-15.48
  • openssl-devel-32bit >= 9-201308121627
  • openssl-doc >= 0.9.7d-15.48
Builds
YOU Patch Nr: 12972
SUSE Linux Enterprise Server 10 SP3 LTSS for x86
  • openssl >= 0.9.8a-18.45.69.1
  • openssl-devel >= 0.9.8a-18.45.69.1
  • openssl-doc >= 0.9.8a-18.45.69.1
Builds
ZYPP Patch Nr: 8528
SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T
SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit
  • openssl >= 0.9.8a-18.45.69.1
  • openssl-32bit >= 0.9.8a-18.45.69.1
  • openssl-devel >= 0.9.8a-18.45.69.1
  • openssl-devel-32bit >= 0.9.8a-18.45.69.1
  • openssl-doc >= 0.9.8a-18.45.69.1
Builds
ZYPP Patch Nr: 8528
SUSE Linux Enterprise Desktop 11 SP2
  • java-1_6_0-openjdk >= 1.6.0.0_b27.1.12.3-0.2.1
  • java-1_6_0-openjdk-demo >= 1.6.0.0_b27.1.12.3-0.2.1
  • java-1_6_0-openjdk-devel >= 1.6.0.0_b27.1.12.3-0.2.1
Builds
SAT Patch Nr: 7385
SUSE Linux Enterprise Server 11 SP1 LTSS
  • libopenssl0_9_8 >= 0.9.8j-0.50.1
  • libopenssl0_9_8-hmac >= 0.9.8j-0.50.1
  • openssl >= 0.9.8j-0.50.1
  • openssl-doc >= 0.9.8j-0.50.1
Builds
SAT Patch Nr: 7564
SUSE Linux Enterprise Server 11 SP1 LTSS
  • libopenssl0_9_8 >= 0.9.8j-0.50.1
  • libopenssl0_9_8-32bit >= 0.9.8j-0.50.1
  • libopenssl0_9_8-hmac >= 0.9.8j-0.50.1
  • libopenssl0_9_8-hmac-32bit >= 0.9.8j-0.50.1
  • openssl >= 0.9.8j-0.50.1
  • openssl-doc >= 0.9.8j-0.50.1
Builds
SAT Patch Nr: 7564

© 2014 Novell