Package name
openssl
Date
2014-04-09
Advisory ID
MDVSA-2014:067
Affected versions
MBS1 x86_64

Problem description

Updated openssl packages fix security vulnerability:

The Montgomery ladder implementation in OpenSSL through 1.0.0l does
not ensure that certain swap operations have a constant-time behavior,
which makes it easier for local users to obtain ECDSA nonces via a
FLUSH+RELOAD cache side-channel attack (CVE-2014-0076).

Updated packages

MBS1 x86_64

 6ce72c83600ecc473d840324a95db526  mbs1/x86_64/lib64openssl1.0.0-1.0.0k-1.2.mbs1.x86_64.rpm
 fc08f87faf41a9e93e220a802627a368  mbs1/x86_64/lib64openssl-devel-1.0.0k-1.2.mbs1.x86_64.rpm
 02991647fb80713e63ab6c3471696cbc  mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0k-1.2.mbs1.x86_64.rpm
 b0862093b9546e3aac02adf5c57291a2  mbs1/x86_64/lib64openssl-static-devel-1.0.0k-1.2.mbs1.x86_64.rpm
 39d7188917c594dfdea6c5221ca81d26  mbs1/x86_64/openssl-1.0.0k-1.2.mbs1.x86_64.rpm 
 fabaa254030f7f44c0939111e6a49a46  mbs1/SRPMS/openssl-1.0.0k-1.2.mbs1.src.rpm

References