Bug#699885: TLS timing attack in bouncycastle (Lucky 13)

Thijs Kinkhorst thijs at debian.org
Wed Feb 6 10:45:31 UTC 2013


Package: bouncycastle
Severity: serious
Tags: security

Hi,

Nadhem Alfardan and Kenny Paterson have discovered a weakness in the handling
of CBC ciphersuites in SSL, TLS and DTLS. Their attack exploits timing
differences arising during MAC processing. Details of this attack can be
found at: http://www.isg.rhul.ac.uk/tls/

In the advisory, the following information is present about bouncycastle:
"a patch will be included in version 1.48 of the Java library, to be released 
on or about 05/02/2013. The C# version of BouncyCastle will be fixed in CVS at 
a similar time, and included in release 1.8 at a later date."

The generic protocol issue has been assigned CVE name CVE-2013-0169. The 
specific fix for bouncycastle is known as CVE-2013-1624. Please mention these 
identifiers in the changelog.

Can you see to it that this issue is addressed in unstable and testing? And 
are you available to create an update for stable-security?


Cheers,
Thijs
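As an added illustration of the class of defect the report describes (not code from the bug report, from Debian, or from BouncyCastle), the following Python shows a TLS-style CBC record check in two shapes: a naive version that returns early on bad padding and therefore never runs the MAC on that path, and a padding-independent version that does the same MAC work on every path and compares the tag in constant time. The key, record layout and counter are constructed for the demo; the MAC-call counter stands in for the timing difference a network observer would see. The hardened function implements only the coarse fix (always run the MAC, treat bad padding as zero-length padding); the Lucky 13 paper's attack exploits the finer-grained variation in hash compression-function calls, and the full countermeasure additionally equalizes those, which this simplified example does not do.

```python
import hashlib
import hmac
import struct

# Constructed parameters: a TLS 1.2-style CBC record with HMAC-SHA1.
# KEY is a hypothetical MAC key used only for this demo.
MAC_LEN = 20
BLOCK = 16
KEY = b"constructed-demo-mac-key"


def record_mac(seq, fragment):
    """TLS record MAC over seq_num || type || version || length || fragment."""
    header = struct.pack("!QBHH", seq, 23, 0x0303, len(fragment))
    return hmac.new(KEY, header + fragment, hashlib.sha1).digest()


def build_record(seq, fragment):
    """MAC-then-pad: fragment || tag || (pad_len + 1) bytes, each equal to pad_len."""
    body = fragment + record_mac(seq, fragment)
    pad_len = BLOCK - 1 - len(body) % BLOCK
    return body + bytes([pad_len]) * (pad_len + 1)


def naive_check(seq, decrypted, counters):
    """Early-exit check: a bad pad returns before any MAC work is done."""
    n = len(decrypted)
    if n < MAC_LEN + 1 or n % BLOCK:
        return False                      # length-only check, independent of plaintext
    pad_len = decrypted[-1]
    if pad_len + 1 + MAC_LEN > n:
        return False
    if decrypted[-(pad_len + 1):] != bytes([pad_len]) * (pad_len + 1):
        return False                      # fast path: MAC skipped, so timing differs
    counters["mac_calls"] += 1
    plen = n - pad_len - 1 - MAC_LEN
    return record_mac(seq, decrypted[:plen]) == decrypted[plen:plen + MAC_LEN]


def hardened_check(seq, decrypted, counters):
    """Padding-independent check: same MAC work on every path, constant-time compare."""
    n = len(decrypted)
    if n < MAC_LEN + 1 or n % BLOCK:
        return False
    pad_len = decrypted[-1]
    good = int(pad_len + 1 + MAC_LEN <= n)
    # Scan a fixed window (TLS padding is at most 255 bytes plus the length byte)
    # with no early exit; bytes beyond the claimed padding are masked out.
    for i in range(1, min(256, n) + 1):
        b = decrypted[n - i]
        good &= int(b == pad_len) | int(i > pad_len + 1)
    # Invalid padding is treated as zero-length padding so the MAC still runs.
    pad_len *= good
    plen = n - pad_len - 1 - MAC_LEN
    counters["mac_calls"] += 1
    tag_ok = hmac.compare_digest(record_mac(seq, decrypted[:plen]),
                                 decrypted[plen:plen + MAC_LEN])
    return bool(int(tag_ok) & good)


def run(check, seq, decrypted):
    """Return (accepted, number of MAC computations) for one check function."""
    counters = {"mac_calls": 0}
    return check(seq, decrypted, counters), counters["mac_calls"]


def demo():
    """Compare both checks on a valid record, a bad-padding record and a bad-tag record."""
    seq = 7
    record = build_record(seq, b"constructed plaintext")   # 48 bytes, pad_len 6
    bad_pad = bytearray(record)
    bad_pad[-2] ^= 1                                        # corrupt one padding byte
    bad_tag = bytearray(record)
    bad_tag[21] ^= 1                                        # corrupt the first MAC byte
    return {
        "valid": (run(naive_check, seq, record), run(hardened_check, seq, record)),
        "bad_pad": (run(naive_check, seq, bytes(bad_pad)),
                    run(hardened_check, seq, bytes(bad_pad))),
        "bad_tag": (run(naive_check, seq, bytes(bad_tag)),
                    run(hardened_check, seq, bytes(bad_tag))),
    }


if __name__ == "__main__":
    for name, (naive, hardened) in demo().items():
        print(f"{name:8s} naive={naive} hardened={hardened}")
```

In the naive version the bad-padding case finishes with zero MAC computations while the bad-tag case needs one, which is exactly the kind of decryption-dependent timing difference the report refers to; the hardened version performs one MAC on every path and rejects both corruptions identically.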