FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

OpenSSL -- Local Information Disclosure

Affected packages
1.0.1 <= openssl < 1.0.1_10
1.0.1 <= mingw32-openssl < 1.0.1g
Affected systems
8.3 <= FreeBSD < 8.3_15
8.4 <= FreeBSD < 8.4_8
9.1 <= FreeBSD < 9.1_11
9.2 <= FreeBSD < 9.2_4
10.0 <= FreeBSD < 10.0_1

Details

VuXML ID 7ccd4def-c1be-11e3-9d09-000c2980a9f3
Discovery 2014-04-07
Entry 2014-04-11

OpenSSL reports:

A flaw in the implementation of Montgomery Ladder Approach would create a side-channel that leaks sensitive timing information.

A local attacker might be able to snoop a signing process and might recover the signing key from it.

References

CVE Name CVE-2014-0076
FreeBSD Advisory FreeBSD-SA-14:06.openssl
URL https://www.openssl.org/news/vulnerabilities.html#2014-0076