CVE-2013-1623

Publication date 8 February 2013

Last updated 24 July 2024

Ubuntu priority

The TLS and DTLS implementations in wolfSSL CyaSSL before 2.5.0 do not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
mysql-5.1	13.04 raring	Not in release
	12.10 quantal	Not in release
	12.04 LTS precise	Not in release
	11.10 oneiric	Fixed 5.1.69-0ubuntu0.11.10.1
	10.04 LTS lucid	Not in release
	8.04 LTS hardy	Not in release
mysql-5.5	13.04 raring	Fixed 5.5.31-0ubuntu0.13.04.1
	12.10 quantal	Fixed 5.5.31-0ubuntu0.12.10.1
	12.04 LTS precise	Fixed 5.5.31-0ubuntu0.12.04.1
	11.10 oneiric	Not in release
	10.04 LTS lucid	Not in release
	8.04 LTS hardy	Not in release
mysql-dfsg-5.1	13.04 raring	Not in release
	12.10 quantal	Not in release
	12.04 LTS precise	Not in release
	11.10 oneiric	Not in release
	10.04 LTS lucid	Fixed 5.1.69-0ubuntu0.10.04.1
	8.04 LTS hardy	Not in release

Notes

jdstrand

no updates from upstream at this time

seth-arnold

not mentioned in April CPU, but the code fixed in the Debian bug report is present, looks fixed

References

Related Ubuntu Security Notices (USN)

USN-1807-2
MySQL vulnerabilities
25 April 2013

USN-1807-1
MySQL vulnerabilities
25 April 2013

Other references

https://www.cve.org/CVERecord?id=CVE-2013-1623