PublicDateAtUSN: 2015-01-08
Candidate: CVE-2014-3570
PublicDate: 2015-01-09 02:59:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570
 https://www.openssl.org/news/secadv_20150108.txt
 https://ubuntu.com/security/notices/USN-2459-1
Description:
 The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p,
 and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM
 value, which might make it easier for remote attackers to defeat
 cryptographic protection mechanisms via unspecified vectors, related to
 crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c.
Ubuntu-Description: 
Notes: 
Bugs: 
Priority: low
Discovered-by: Pieter Wuille
Assigned-to: mdeslaur
CVSS: 

Patches_openssl:
 upstream: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=e078642ddea29bbb6ba29788a6a513796387fbbb (1.0.1)
 upstream: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=4b4c0a19211bf73d81de52de697a1a9dc60aed82 (0.9.8)
upstream_openssl: released (0.9.8zd, 1.0.1k)
lucid_openssl: released (0.9.8k-7ubuntu8.23)
precise_openssl: released (1.0.1-4ubuntu5.21)
precise/esm_openssl: released (1.0.1-4ubuntu5.21)
trusty_openssl: released (1.0.1f-1ubuntu2.8)
trusty/esm_openssl: released (1.0.1f-1ubuntu2.8)
utopic_openssl: released (1.0.1f-1ubuntu9.1)
vivid_openssl: released (1.0.1f-1ubuntu10)
vivid/stable-phone-overlay_openssl: released (1.0.1f-1ubuntu10)
vivid/ubuntu-core_openssl: released (1.0.1f-1ubuntu10)
wily_openssl: released (1.0.1f-1ubuntu10)
xenial_openssl: released (1.0.1f-1ubuntu10)
esm-infra/xenial_openssl: released (1.0.1f-1ubuntu10)
yakkety_openssl: released (1.0.1f-1ubuntu10)
zesty_openssl: released (1.0.1f-1ubuntu10)
artful_openssl: released (1.0.1f-1ubuntu10)
bionic_openssl: released (1.0.1f-1ubuntu10)
cosmic_openssl: released (1.0.1f-1ubuntu10)
disco_openssl: released (1.0.1f-1ubuntu10)
devel_openssl: released (1.0.1f-1ubuntu10)

Patches_openssl098:
upstream_openssl098: released (0.9.8zd, 1.0.1k)
lucid_openssl098: DNE
precise_openssl098: ignored (reached end-of-life)
precise/esm_openssl098: DNE (precise was needed)
trusty_openssl098: ignored (reached end-of-life)
trusty/esm_openssl098: DNE (trusty was needed)
utopic_openssl098: ignored (reached end-of-life)
vivid_openssl098: ignored (reached end-of-life)
vivid/stable-phone-overlay_openssl098: DNE
vivid/ubuntu-core_openssl098: DNE
wily_openssl098: DNE
xenial_openssl098: DNE
yakkety_openssl098: DNE
zesty_openssl098: DNE
artful_openssl098: DNE
bionic_openssl098: DNE
cosmic_openssl098: DNE
disco_openssl098: DNE
devel_openssl098: DNE