GNUTLS-SA-2013-1 (lucky thirteen) CVE-2013-0169 CVE-2013-1619
Thijs Kinkhorst
thijs at debian.org
Wed Feb 6 10:21:38 UTC 2013
On Wed, February 6, 2013 10:22, Andreas Metzler wrote:
> Hello,
>
> sorry for the delayed pointer:
>
> -----------------------
> Nadhem Alfardan and Kenny Paterson devised an attack that recovers
> some bits of the plaintext of a GnuTLS session that utilizes the CBC
> ciphersuites, by using timing information.
>
> In order for the attack to work the client must operate as follows. It
> connects to a server, it sends some (encrypted) data that will be
> intercepted by the attacker, who will terminate the client's
> connection abnormally (i.e. the client will receive a premature
> termination error). The client should repeat that, multiple times.
> [...]
> How to mitigate the attack?
>
> Do not enable the CBC ciphersuites, prefer ARCFOUR or GCM modes.
> Upgrade to the latest GnuTLS version (3.1.7, 3.0.28, or 2.12.23).
> -----------------------
> http://www.isg.rhul.ac.uk/tls/
>
> Writeup for GnuTLS:
> http://nikmav.blogspot.be/2013/02/time-is-money-for-cbc-ciphersuites.html
>
> Debian's affected versions:
>
> Package dist     | Version up to    | fixed in
> -----------------+------------------+----------------------------------
> gnutls26 exp     | 2.12.22-1        | I will upload 2.12.23-1
> gnutls26 unstable| 2.12.20-3        | 2.12.20-4
> gnutls26 testing | 2.12.20-3        | I will ask whether 2.12.20-4 can
>                  |                  | propagate, otherwise I will make a
>                  |                  | separate upload
> gnutls26 stable  | 2.8.6-1+squeeze2 | -
>
> Sadly the patch does not apply directly to stable because 2.8.x is
> missing
> <http://gitorious.org/gnutls/gnutls/commit/32a7367601a3fda0aef07f5481c89e38d9c85b4a>
> As I am a) slightly ill and b) not a programmer I will not try my
> hands on this. :-(
>
> gnutls28 exp     | 3.1.6-1          | 3.1.7-1 (currently in NEW)
> gnutls28 unstable| 3.0.22-2         | not yet
> gnutls28 testing | 3.0.20-3         | not yet
> gnutls28 stable  | N/A              | N/A
>
> Regarding gnutls28 I will consult with debian-release.

Thanks for the detailed information. We were aware of the issue. Please
keep us posted on the fixed status of the variants in the various Debian
suites.

Cheers,
Thijs
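
An added example, not part of the original thread: a small audit helper that classifies installed GnuTLS package versions against the fixed upstream releases named in the advisory (3.1.7, 3.0.28, 2.12.23) and the backported Debian upload listed in the table (2.12.20-4). Host names and the function names are hypothetical; the version strings are the ones quoted above.

```python
# Fixed upstream releases named in the advisory, keyed by (major, minor) branch.
FIXED_UPSTREAM = {(3, 1): (3, 1, 7), (3, 0): (3, 0, 28), (2, 12): (2, 12, 23)}

# Debian package versions the thread lists as fixed although their upstream
# part is older than the fixed release (the patch was backported).
DEBIAN_BACKPORTED = {"2.12.20-4"}


def upstream_tuple(version):
    """'2.8.6-1+squeeze2' -> (2, 8, 6): drop the Debian revision, parse the rest."""
    upstream = version.rsplit("-", 1)[0] if "-" in version else version
    try:
        return tuple(int(part) for part in upstream.split("."))
    except ValueError:
        raise ValueError(f"unsupported version format: {version!r}")


def classify(version):
    """Return 'fixed', 'vulnerable' or 'unlisted-branch' for one package version."""
    if version in DEBIAN_BACKPORTED:
        return "fixed"
    parsed = upstream_tuple(version)
    fixed = FIXED_UPSTREAM.get(parsed[:2])
    if fixed is None:
        # e.g. 2.8.x: the advisory names no fixed release for this branch,
        # so it needs manual review rather than a verdict from this script.
        return "unlisted-branch"
    return "fixed" if parsed >= fixed else "vulnerable"


def audit(inventory):
    """Map each host to the classification of its installed GnuTLS version."""
    return {host: classify(version) for host, version in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory: host names are hypothetical, versions come from the table.
    sample = {
        "host-a": "2.12.22-1",
        "host-b": "2.12.20-4",
        "host-c": "2.12.20-3",
        "host-d": "2.8.6-1+squeeze2",
        "host-e": "3.1.7-1",
    }
    for host, status in sorted(audit(sample).items()):
        print(f"{host:8} {status}")
```
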