CVE-2014-0076

Published: 25 March 2014

The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.

Priority

Status

Package	Release	Status
openssl Launchpad, Ubuntu, Debian	lucid	Not vulnerable (code not present)
	precise	Released (1.0.1-4ubuntu5.12)
	quantal	Released (1.0.1c-3ubuntu2.7)
	saucy	Released (1.0.1e-3ubuntu1.2)
	upstream	Needs triage
openssl098 Launchpad, Ubuntu, Debian	lucid	Does not exist
	precise	Not vulnerable (code not present)
	quantal	Not vulnerable (code not present)
	saucy	Not vulnerable (code not present)
	upstream	Needs triage

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076
http://eprint.iacr.org/2014/140
https://ubuntu.com/security/notices/USN-2165-1
NVD
Launchpad
Debian

Bugs

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742923

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›