Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2013-1619

The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

Related bugs and status

CVE-2013-1619 (Candidate) is related to these bugs:

Bug #1068029: memory leak in libgnutls28

Summary				In	Importance	Status
	1068029	memory leak in libgnutls28		gnutls28 (Ubuntu)	Undecided	Fix Released

Bug #1166634: gnutls26 crashes on particularly malformed crypt stream

Summary				In	Importance	Status
	1166634	gnutls26 crashes on particularly malformed crypt stream		gnutls26 (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2013020...
MISC: http://www.isg.rhul.ac...
CONFIRM: http://nmav.gnutls.org...
CONFIRM: http://www.gnutls.org/...
CONFIRM: https://gitorious.org/...
CONFIRM: https://gitorious.org/...
REDHAT: RHSA-2013:0588
UBUNTU: USN-1752-1
SUSE: openSUSE-SU-2013:0807
SUSE: SUSE-SU-2014:0320
SUSE: SUSE-SU-2014:0322
SUSE: openSUSE-SU-2014:0346
SECUNIA: 57260
SECUNIA: 57274