CVE-2014-0076

Priority
Medium
Description
The Montgomery ladder implementation in OpenSSL through 1.0.0l does not
ensure that certain swap operations have a constant-time behavior, which
makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD
cache side-channel attack.
References
Bugs
Assigned-to
mdeslaur
Package
Upstream: needs-triage
Ubuntu 12.04 LTS (Precise Pangolin): not-affected (code not present)
Ubuntu 14.04 LTS (Trusty Tahr): not-affected (code not present)
Package
Upstream: needs-triage
Ubuntu 12.04 LTS (Precise Pangolin): released (1.0.1-4ubuntu5.12)
Ubuntu 14.04 LTS (Trusty Tahr): released (1.0.1f-1ubuntu2)
Patches:
Upstream: http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=4b7a4ba29cafa432fc4266fe6e59e60bc1c96332 (1.0.1)
Upstream: http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=40acdb192e035f463d3c39c23fd8a68cf54df378 (1.0.1)
More Information

Updated: 2016-03-23 03:40:57 UTC (commit 10817)