CVE-2014-0076

Published: 25 March 2014

The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.

Priority

Status

Package	Release	Status
openssl Launchpad, Ubuntu, Debian	Upstream	Needs triage





	Ubuntu 14.04 ESM (Trusty Tahr)	Released (1.0.1f-1ubuntu2)
	Ubuntu 12.04 ESM (Precise Pangolin)	Released (1.0.1-4ubuntu5.12)
	Patches: Upstream: http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=4b7a4ba29cafa432fc4266fe6e59e60bc1c96332 (1.0.1) Upstream: http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=40acdb192e035f463d3c39c23fd8a68cf54df378 (1.0.1)
openssl098 Launchpad, Ubuntu, Debian	Upstream	Needs triage





	Ubuntu 14.04 ESM (Trusty Tahr)	Not vulnerable (code not present)
	Ubuntu 12.04 ESM (Precise Pangolin)	Not vulnerable (code not present)

References

Bugs

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742923

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM