CVE-2014-0076

Published: 25 March 2014

The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.

Priority

Status

Package	Release	Status
openssl Launchpad, Ubuntu, Debian	Upstream	Needs triage






	Ubuntu 14.04 ESM (Trusty Tahr)	Released (1.0.1f-1ubuntu2)
	Patches: Upstream: http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=4b7a4ba29cafa432fc4266fe6e59e60bc1c96332 (1.0.1) Upstream: http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=40acdb192e035f463d3c39c23fd8a68cf54df378 (1.0.1)
openssl098 Launchpad, Ubuntu, Debian	Upstream	Needs triage






	Ubuntu 14.04 ESM (Trusty Tahr)	Not vulnerable (code not present)

References

Bugs

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742923

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM