Novell Home

CVE-2014-0076

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2014-0076 at MITRE

Description

The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.

NVD CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)

Novell/SUSE information

Novell Bugzilla entries: 869945, 880891, 883126, 905106

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Server 10 SP4 LTSS for x86
  • openssl >= 0.9.8a-18.80.5
  • openssl-devel >= 0.9.8a-18.80.5
  • openssl-doc >= 0.9.8a-18.80.5
Builds
ZYPP Patch Nr: 8815
SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T
SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit
  • openssl >= 0.9.8a-18.80.5
  • openssl-32bit >= 0.9.8a-18.80.5
  • openssl-devel >= 0.9.8a-18.80.5
  • openssl-devel-32bit >= 0.9.8a-18.80.5
  • openssl-doc >= 0.9.8a-18.80.5
Builds
ZYPP Patch Nr: 8815
SUSE Linux Enterprise Server 10 SP3 LTSS for x86
  • openssl >= 0.9.8a-18.45.75.1
  • openssl-devel >= 0.9.8a-18.45.75.1
  • openssl-doc >= 0.9.8a-18.45.75.1
Builds
ZYPP Patch Nr: 8814
SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T
SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit
  • openssl >= 0.9.8a-18.45.75.1
  • openssl-32bit >= 0.9.8a-18.45.75.1
  • openssl-devel >= 0.9.8a-18.45.75.1
  • openssl-devel-32bit >= 0.9.8a-18.45.75.1
  • openssl-doc >= 0.9.8a-18.45.75.1
Builds
ZYPP Patch Nr: 8814
SUSE Linux Enterprise Server 11 SP2 LTSS
  • libopenssl0_9_8 >= 0.9.8j-0.58.1
  • libopenssl0_9_8-hmac >= 0.9.8j-0.58.1
  • openssl >= 0.9.8j-0.58.1
  • openssl-doc >= 0.9.8j-0.58.1
Builds
SAT Patch Nr: 9324
SUSE Linux Enterprise Server 11 SP2 LTSS
  • libopenssl0_9_8 >= 0.9.8j-0.58.1
  • libopenssl0_9_8-32bit >= 0.9.8j-0.58.1
  • libopenssl0_9_8-hmac >= 0.9.8j-0.58.1
  • libopenssl0_9_8-hmac-32bit >= 0.9.8j-0.58.1
  • openssl >= 0.9.8j-0.58.1
  • openssl-doc >= 0.9.8j-0.58.1
Builds
SAT Patch Nr: 9324
SLE CLIENT TOOLS 10 for x86
  • openssl >= 0.9.8a-18.80.5
  • openssl-certs >= 1.96-0.18.1
  • openssl-devel >= 0.9.8a-18.80.5
  • openssl-doc >= 0.9.8a-18.80.5
Builds
ZYPP Patch Nr: 8842
SLE CLIENT TOOLS 10 for s390x
SLE CLIENT TOOLS 10 for x86_64
  • openssl >= 0.9.8a-18.80.5
  • openssl-32bit >= 0.9.8a-18.80.5
  • openssl-certs >= 1.96-0.18.1
  • openssl-devel >= 0.9.8a-18.80.5
  • openssl-devel-32bit >= 0.9.8a-18.80.5
  • openssl-doc >= 0.9.8a-18.80.5
Builds
ZYPP Patch Nr: 8842
SUSE Linux Enterprise Server 11 SP1
  • openssl-debuginfo >= 0.9.8j-0.54.1
Builds
SAT Patch Nr: 9072
SUSE Linux Enterprise Server 11 SP1 LTSS
  • libopenssl0_9_8 >= 0.9.8j-0.58.1
  • libopenssl0_9_8-hmac >= 0.9.8j-0.58.1
  • openssl >= 0.9.8j-0.58.1
  • openssl-doc >= 0.9.8j-0.58.1
Builds
SAT Patch Nr: 9323
SUSE Linux Enterprise Server 11 SP1 LTSS
  • libopenssl0_9_8 >= 0.9.8j-0.58.1
  • libopenssl0_9_8-32bit >= 0.9.8j-0.58.1
  • libopenssl0_9_8-hmac >= 0.9.8j-0.58.1
  • libopenssl0_9_8-hmac-32bit >= 0.9.8j-0.58.1
  • openssl >= 0.9.8j-0.58.1
  • openssl-doc >= 0.9.8j-0.58.1
Builds
SAT Patch Nr: 9323
SUSE Linux Enterprise Software Development Kit 11 SP3
  • libopenssl-devel >= 0.9.8j-0.54.1
Builds
SAT Patch Nr: 9073
SUSE Linux Enterprise Desktop 11 SP3
  • libopenssl0_9_8 >= 0.9.8j-0.54.1
  • openssl >= 0.9.8j-0.54.1
Builds
SAT Patch Nr: 9073
SUSE Linux Enterprise Desktop 11 SP3
  • libopenssl0_9_8 >= 0.9.8j-0.54.1
  • libopenssl0_9_8-32bit >= 0.9.8j-0.54.1
  • openssl >= 0.9.8j-0.54.1
Builds
SAT Patch Nr: 9073
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3 for VMware
  • libopenssl0_9_8 >= 0.9.8j-0.54.1
  • libopenssl0_9_8-hmac >= 0.9.8j-0.54.1
  • openssl >= 0.9.8j-0.54.1
  • openssl-doc >= 0.9.8j-0.54.1
Builds
SAT Patch Nr: 9073
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3 for VMware
  • libopenssl0_9_8 >= 0.9.8j-0.54.1
  • libopenssl0_9_8-32bit >= 0.9.8j-0.54.1
  • libopenssl0_9_8-hmac >= 0.9.8j-0.54.1
  • libopenssl0_9_8-hmac-32bit >= 0.9.8j-0.54.1
  • openssl >= 0.9.8j-0.54.1
  • openssl-doc >= 0.9.8j-0.54.1
Builds
SAT Patch Nr: 9073
SUSE Linux Enterprise Server 11 SP3
  • libopenssl0_9_8 >= 0.9.8j-0.54.1
  • libopenssl0_9_8-hmac >= 0.9.8j-0.54.1
  • libopenssl0_9_8-x86 >= 0.9.8j-0.54.1
  • openssl >= 0.9.8j-0.54.1
  • openssl-doc >= 0.9.8j-0.54.1
Builds
SAT Patch Nr: 9073

© 2014 Novell