This update for bouncycastle to version 1.59 fixes the following issues :

These security issues were fixed :

  - CVE-2017-13098: BouncyCastle, when configured to use the     JCE (Java Cryptography Extension) for cryptographic     functions, provided a weak Bleichenbacher oracle when     any TLS cipher suite using RSA key exchange was     negotiated. An attacker can recover the private key from     a vulnerable application. This vulnerability is referred     to as 'ROBOT' (bsc#1072697).

  - CVE-2016-1000338: Ensure full validation of ASN.1     encoding of signature on verification. It was possible     to inject extra elements in the sequence making up the     signature and still have it validate, which in some     cases may have allowed the introduction of 'invisible'     data into a signed structure (bsc#1095722).

  - CVE-2016-1000339: Prevent AESEngine key information leak     via lookup table accesses (boo#1095853).

  - CVE-2016-1000340: Preventcarry propagation bugs in the     implementation of squaring for several raw math classes     (boo#1095854).

  - CVE-2016-1000341: Fix DSA signature generation     vulnerability to timing attack (boo#1095852).

  - CVE-2016-1000341: DSA signature generation was     vulnerable to timing attack. Where timings can be     closely observed for the generation of signatures may     have allowed an attacker to gain information about the     signature's k value and ultimately the private value as     well (bsc#1095852).

  - CVE-2016-1000342: Ensure that ECDSA does fully validate     ASN.1 encoding of signature on verification. It was     possible to inject extra elements in the sequence making     up the signature and still have it validate, which in     some cases may have allowed the introduction of     'invisible' data into a signed structure (bsc#1095850).

  - CVE-2016-1000343: Prevent weak default settings for     private DSA key pair generation (boo#1095849).

  - CVE-2016-1000344: Removed DHIES from the provider to     disable the unsafe usage of ECB mode (boo#1096026).

  - CVE-2016-1000345: The DHIES/ECIES CBC mode was     vulnerable to padding oracle attack. In an environment     where timings can be easily observed, it was possible     with enough observations to identify when the decryption     is failing due to padding (bsc#1096025).

  - CVE-2016-1000346: The other party DH public key was not     fully validated. This could have caused issues as     invalid keys could be used to reveal details about the     other party's private key where static Diffie-Hellman is     in use (bsc#1096024).

  - CVE-2016-1000352: Remove ECIES from the provider to     disable the unsafe usage of ECB mode (boo#1096022).

Detections

Analytics

openSUSE Security Update : bouncycastle (openSUSE-2018-628)

high Nessus Plugin ID 110530

Version 1.7