DSA-2621-1 openssl -- severalID: oval:org.secpod.oval:def:600964 | Date: (C)2013-02-17 (M)2023-12-07 |
Class: PATCH | Family: unix |
Multiple vulnerabilities have been found in OpenSSL. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2013-0166 OpenSSL does not properly perform signature verification for OCSP responses, which allows remote attackers to cause a denial of service via an invalid key. CVE-2013-0169 A timing side channel attack has been found in CBC padding allowing an attacker to recover pieces of plaintext via statistical analysis of crafted packages, known as the "Lucky Thirteen" issue.