MGASA-2014-0165

Advisory lineage Upstream: 2 Downstream: 0

Upstream

CVE-2014-0076 CVE-2014-0160

Published: 08 Apr 2014, 07:58

Last modified:16 Apr 2026, 06:24

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

08 Apr 2014, 07:58

Published

Vulnerability first disclosed

16 Apr 2026, 06:24

Last Modified

Vulnerability information updated

Description

Updated openssl package fix two security vulnerabilities Updated openssl packages fix security vulnerability: The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack (CVE-2014-0076). A missing bounds check in the handling of the TLS heartbeat extension in OpenSSL through 1.0.1f can be used to reveal up to 64k of memory to a connected client or server (CVE-2014-0160).

Affected Systems

mageia•openssl
< 1.0.1e-1.5.mga3
mageia•openssl
< 1.0.1e-8.2.mga4

MGASA-2014-0165

Vulnerability Summary

Timeline

Description

Affected Systems

References (4)