Repository 32bit  Forum
Repository 64bit  Wiki
Sat Feb 9 21:45:56 UTC 2013
patches/packages/openssl-1.0.1d-i486-1_slack14.0.txz: Upgraded.
  Make the decoding of SSLv3, TLS and DTLS CBC records constant time.
  This addresses the flaw in CBC record processing discovered by
  Nadhem Alfardan and Kenny Paterson. Details of this attack can be found
  at: http://www.isg.rhul.ac.uk/tls/
  Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
  Security Group at Royal Holloway, University of London
  (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and
  Emilia Käsper for the initial patch.
  (CVE-2013-0169)
  [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]
  Fix flaw in AESNI handling of TLS 1.2 and 1.1 records for CBC mode
  ciphersuites which can be exploited in a denial of service attack.
  Thanks go to and to Adam Langley for discovering
  and detecting this bug and to Wolfgang Ettlinger
  for independently discovering this issue.
  (CVE-2012-2686)
  [Adam Langley]
  Return an error when checking OCSP signatures when key is NULL.
  This fixes a DoS attack. (CVE-2013-0166)
  [Steve Henson]
  For more information, see:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2686
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0166
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169
  (* Security fix *)
patches/packages/openssl-solibs-1.0.1d-i486-1_slack14.0.txz: Upgraded.
  (* Security fix *)