Updated openssl packages fix security vulnerability: The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack (CVE-2014-0076). A missing bounds check in the handling of the TLS heartbeat extension in OpenSSL through 1.0.1f can be used to reveal up to 64k of memory to a connected client or server (CVE-2014-0160).

OSVersionArchitecturePackageVersionFilename
Mageia3noarchopenssl< 1.0.1e-1.5openssl-1.0.1e-1.5.mga3
Mageia4noarchopenssl< 1.0.1e-8.2openssl-1.0.1e-8.2.mga4

OS	Version	Architecture	Package	Version	Filename
Mageia	3	noarch	openssl	< 1.0.1e-1.5	openssl-1.0.1e-1.5.mga3
Mageia	4	noarch	openssl	< 1.0.1e-8.2	openssl-1.0.1e-8.2.mga4

References

lists.opensuse.org/opensuse-updates/2014-04/msg00007.html

www.openssl.org/news/secadv_20140407.txt

bugs.mageia.org/show_bug.cgi?id=13148

nessus 46

openvas 21

ibm 43

vmware 2

freebsd_advisory 1

gentoo 1

altlinux 4

securityvulns 18

ubuntu 1

slackware 1

f5 3

ubuntucve 2

cve 1

threatpost 1

prion 2

cvelist 1

veracode 1

freebsd 1

nvd 2

openssl 2

seebug 13

debiancve 1

suse 1

zdt 2

ics 5

packetstorm 3

atlassian 1

thn 4

vulnerlab 1

n0where 1

exploitpack 2

attackerkb 1

fortinet 1

checkpoint_security 1

hp 3

hackerone 1

symantec 1

kitploit 1

intel 1

osv 1

nessus

VMware Workstation 10.x < 10.0.2 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Heartbleed)

2014-04-21 00:00:00

VMSA-2014-0004 : VMware product updates address OpenSSL security vulnerabilities

2014-05-03 00:00:00

VMware Horizon Workspace 1.8 < 1.8.1 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Heartbleed)

2014-05-06 00:00:00

openvas

VMware ESXi/ESX updates address OpenSSL security vulnerabilities (VMSA-2014-0004)

2014-05-08 00:00:00

VMware ESXi updates address OpenSSL security vulnerabilities (VMSA-2014-0004) - Remote Version Check

2014-05-08 00:00:00

Ubuntu: Security Advisory (USN-2165-1)

2014-04-08 00:00:00

ibm

Security Bulletin: IBM Security Network Intrusion Prevention System is affected by vulnerabilities in OpenSSL (CVE-2014-0160 and CVE-2014-0076)

2022-02-23 17:14:38

Security Bulletin: IBM Security Proventia Network Active Bypass is affected by vulnerabilities in OpenSSL (CVE-2014-0160 and CVE-2014-0076)

2018-06-16 21:17:19

Security Bulletin: Rational Build Forge is affected by vulnerabilities in OpenSSL (CVE-2014-0160 and CVE-2014-0076)

2018-06-17 04:53:33

vmware

VMware product updates address OpenSSL security vulnerabilities

2014-04-14 00:00:00

VMware product updates address OpenSSL security vulnerabilities

2014-04-14 00:00:00

freebsd_advisory

FreeBSD-SA-14:06.openssl

2014-04-08 00:00:00

gentoo

OpenSSL: Information Disclosure

2014-04-08 00:00:00

altlinux

Security fix for the ALT Linux 7 package openssl10 version 1.0.1g-alt1

2014-04-08 00:00:00

Security fix for the ALT Linux 8 package openssl10 version 1.0.1g-alt1

2014-04-07 00:00:00

Security fix for the ALT Linux 9 package openssl1.1 version 1.0.1g-alt1

2014-04-07 00:00:00

securityvulns

OpenSSL security vulnerabilities

2014-05-30 00:00:00

[USN-2165-1] OpenSSL vulnerabilities

2014-04-08 00:00:00

FreeBSD Security Advisory FreeBSD-SA-14:06.openssl [REVISED]

2014-04-20 00:00:00

ubuntu

OpenSSL vulnerabilities

2014-04-07 00:00:00

slackware

[slackware-security] openssl

2014-04-08 15:05:22

K15295 : OpenSSL vulnerability CVE-2014-0076

2014-05-29 00:00:00

SOL15295 - OpenSSL vulnerability CVE-2014-0076

2014-05-29 00:00:00

K15159 : OpenSSL vulnerability CVE-2014-0160

2015-02-16 00:00:00

ubuntucve

CVE-2014-0076

2014-03-25 00:00:00

CVE-2014-0160

2014-04-07 00:00:00

cve

CVE-2014-0076

2014-03-25 13:25:21

threatpost

Second NSA Crypto Tool Found in RSA BSafe

2014-03-31 15:59:27

prion

Design/Logic Flaw

2014-03-25 13:25:00

Buffer overflow

2014-04-07 22:55:00

cvelist

CVE-2014-0076

2014-03-25 01:00:00

veracode

Side-channel Timing Attack

2017-02-08 02:53:24

freebsd

OpenSSL -- Local Information Disclosure

2014-04-07 00:00:00

nvd

CVE-2014-0076

2014-03-25 13:25:21

CVE-2014-0160

2014-04-07 22:55:03

openssl

Vulnerability in OpenSSL CVE-2014-0076

2014-02-14 00:00:00

Vulnerability in OpenSSL CVE-2014-0160

2014-04-07 00:00:00

seebug

OpenSSL ECDSA Nonces恢复漏洞

2014-03-25 00:00:00

BlackBerry Link OpenSSL TLS心跳信息泄漏漏洞

2014-04-16 00:00:00

IBM AIX OpenSSL TLS心跳信息泄漏漏洞

2014-04-16 00:00:00

debiancve

CVE-2014-0076

2014-03-25 13:25:21

suse

update for openssl (important)

2014-04-08 13:04:15

zdt

OpenSSL Heartbeat (Heartbleed) Information Leak Exploit

2014-04-10 00:00:00

OpenSSL 1.0.1f TLS Heartbeat Extension - Memory Disclosure (Multiple SSL/TLS versions)

2014-04-09 00:00:00

ics

ABB Relion 650 Series OpenSSL Vulnerability (Update A)

2018-09-06 12:00:00

Schneider Electric Wonderware Intelligence Security Patch for OpenSSL Vulnerability

2018-08-27 12:00:00

Unified Automation OPC SDK OpenSSL Vulnerability

2018-09-06 12:00:00

packetstorm

Heartbleed Proof Of Concept

2014-04-08 00:00:00

OpenSSL Heartbeat (Heartbleed) Information Leak

2014-04-10 00:00:00

OpenSSL TLS Heartbeat Extension Memory Disclosure

2014-04-08 00:00:00

atlassian

Update Tomcat Native DLL in JIRA Installer

2014-06-26 19:39:26

thn

HeartBleed Bug Explained - 10 Most Frequently Asked Questions

2014-04-14 20:40:00

Heartbleed - OpenSSL Zero-day Bug leaves Millions of websites Vulnerable

2014-04-08 08:23:00

Over 199,500 Websites Are Still Vulnerable to Heartbleed OpenSSL Bug

2017-01-22 23:27:00

vulnerlab

HeartBleed SSL CVE 20140160 - 10 Steps to Fix in Ubuntu

2014-04-09 00:00:00

n0where

Access Point Impersonation Attacks: hostapd-wpe

2016-04-12 22:19:39

exploitpack

OpenSSL TLS Heartbeat Extension - Heartbleed Information Leak (2) (DTLS Support)

2014-04-24 00:00:00

OpenSSL TLS Heartbeat Extension - Heartbleed Memory Disclosure

2014-04-08 00:00:00

attackerkb

CVE-2014-0160 (AKA: Heartbleed)

2014-04-07 00:00:00

fortinet

Information Disclosure Vulnerability in OpenSSL (Heartbleed)

2014-04-08 00:00:00

checkpoint_security

Check Point response to OpenSSL vulnerability (CVE-2014-0160)

2014-04-07 21:00:00

HPSBHF03021 rev.1 - HP Thin Client with ThinPro OS or Smart Zero Core Services, Running OpenSSL, Remote Disclosure of Information

2014-04-23 00:00:00

HPSBPI03031 rev.3 - HP Officejet Pro X Printers, Certain Officejet Pro Printers, Remote Disclosure of Information

2014-04-30 00:00:00

HPSBPI03014 rev.2 - HP LaserJet Pro MFP Printers, HP Color LaserJet Pro MFP Printers, Remote Disclosure of Information

2014-04-22 00:00:00

hackerone

Mail.ru: OpenSSL HeartBleed (CVE-2014-0160)

2014-10-23 15:12:13

symantec

Symantec Messaging Gateway 10.6.x ACE Library Static Link to Vulnerable SSL Version

2016-05-12 08:00:00

kitploit

Collection of Heartbleed Tools (OpenSSL CVE-2014-0160)

2014-04-10 00:55:00

intel

Multiple Intel Software Products and API Services impacted by CVE-2014-0160

2014-04-30 00:00:00

osv

openssl - security update

2014-04-07 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.972 High

EPSS

Percentile

99.8%

JSON

Related for MGASA-2014-0165