{"id":"MGASA-2014-0165","summary":"Updated openssl package fix two security vulnerabilities","details":"Updated openssl packages fix security vulnerability:\n\nThe Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure\nthat certain swap operations have a constant-time behavior, which makes it\neasier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache\nside-channel attack (CVE-2014-0076).\n\nA missing bounds check in the handling of the TLS heartbeat extension in\nOpenSSL through 1.0.1f can be used to reveal up to 64k of memory to a\nconnected client or server (CVE-2014-0160).\n","modified":"2026-04-16T01:47:52.201483537Z","published":"2014-04-08T07:58:47Z","upstream":["CVE-2014-0076","CVE-2014-0160"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0165.html"},{"type":"WEB","url":"http://www.openssl.org/news/secadv_20140407.txt"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-updates/2014-04/msg00007.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=13148"}],"affected":[{"package":{"name":"openssl","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/openssl?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.1e-1.5.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0165.json"}},{"package":{"name":"openssl","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/openssl?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.1e-8.2.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0165.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}