CVE-2013-6450

Publication date 1 January 2014

Last updated 24 July 2024

Ubuntu priority

The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
openssl	13.10 saucy	Fixed 1.0.1e-3ubuntu1.1
	13.04 raring	Fixed 1.0.1c-4ubuntu8.2
	12.10 quantal	Fixed 1.0.1c-3ubuntu2.6
	12.04 LTS precise	Fixed 1.0.1-4ubuntu5.11
	10.04 LTS lucid	Not affected

Notes

mdeslaur

only affects 1.0.0+

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
openssl	Upstream: http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=a6c62f0c25a756c263a80ce52afbae888028e986 Upstream: http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=34628967f1e65dc8f34e000f0f5518e21afbfc7b Upstream: http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=f3dcc8411e518fb0835c7d72df4a58718205260d

CVE-2013-6450

Status

Notes

mdeslaur

Patch details

References

Related Ubuntu Security Notices (USN)

Other references