DSA-2621-1 openssl -- several
|ID: oval:org.secpod.oval:def:600964||Date: (C)2013-02-17 (M)2017-12-13|
|Class: PATCH||Family: unix|
Multiple vulnerabilities have been found in OpenSSL. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2013-0166 OpenSSL does not properly perform signature verification for OCSP responses, which allows remote attackers to cause a denial of service via an invalid key. CVE-2013-0169 A timing side channel attack has been found in CBC padding allowing an attacker to recover pieces of plaintext via statistical analysis of crafted packages, known as the "Lucky Thirteen" issue.