openSUSE Security Update : bouncycastle (openSUSE-2018-628)

Medium Nessus Plugin ID 110530

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for bouncycastle to version 1.59 fixes the following
issues:

These security issues were fixed:

- CVE-2017-13098: BouncyCastle, when configured to use the
JCE (Java Cryptography Extension) for cryptographic
functions, provided a weak Bleichenbacher oracle when
any TLS cipher suite using RSA key exchange was
negotiated. An attacker can recover the private key from
a vulnerable application. This vulnerability is referred
to as 'ROBOT' (bsc#1072697).

- CVE-2016-1000338: Ensure full validation of ASN.1
encoding of signature on verification. It was possible
to inject extra elements in the sequence making up the
signature and still have it validate, which in some
cases may have allowed the introduction of 'invisible'
data into a signed structure (bsc#1095722).

- CVE-2016-1000339: Prevent AESEngine key information leak
via lookup table accesses (boo#1095853).

- CVE-2016-1000340: Prevent carry propagation bugs in the
implementation of squaring for several raw math classes
(boo#1095854).

- CVE-2016-1000341: Fix DSA signature generation
vulnerability to timing attack. DSA signature generation was
vulnerable to a timing attack: where the timing of signature
generation could be closely observed, an attacker may have
been able to gain information about the signature's k value
and ultimately the private value as well (boo#1095852,
bsc#1095852).

- CVE-2016-1000342: Ensure that ECDSA fully validates the
ASN.1 encoding of a signature on verification. It was
possible to inject extra elements in the sequence making
up the signature and still have it validate, which in
some cases may have allowed the introduction of
'invisible' data into a signed structure (bsc#1095850).

- CVE-2016-1000343: Prevent weak default settings for
private DSA key pair generation (boo#1095849).

- CVE-2016-1000344: Removed DHIES from the provider to
disable the unsafe usage of ECB mode (boo#1096026).

- CVE-2016-1000345: The DHIES/ECIES CBC mode was
vulnerable to padding oracle attack. In an environment
where timings can be easily observed, it was possible
with enough observations to identify when the decryption
is failing due to padding (bsc#1096025).

- CVE-2016-1000346: The other party's DH public key was not
fully validated. This could have caused issues, as
invalid keys could be used to reveal details about the
other party's private key where static Diffie-Hellman is
in use (bsc#1096024).

- CVE-2016-1000352: Remove ECIES from the provider to
disable the unsafe usage of ECB mode (boo#1096022).
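As an added illustration (not code from the advisory or from Bouncy Castle) of the lenient signature parsing described under CVE-2016-1000338 and CVE-2016-1000342: a strict DER parser for the SEQUENCE { INTEGER r, INTEGER s } signature encoding that rejects extra elements inside the SEQUENCE, trailing bytes after it, and non-minimal length or INTEGER encodings. The sample signatures are constructed with tiny r and s values for readability.

```python
# Added example, not Bouncy Castle code: strict DER parsing of a DSA/ECDSA signature,
# SEQUENCE { INTEGER r, INTEGER s }, with every non-canonical encoding rejected.
def _read_tlv(buf, pos):
    # Return (tag, value, next_pos) for the DER element at buf[pos:], definite lengths only.
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad long-form length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if length < 0x80 or buf[pos] == 0:
            raise ValueError("non-minimal length encoding")  # DER requires the shortest form
        pos += n
    if pos + length > len(buf):
        raise ValueError("length exceeds buffer")
    return tag, buf[pos:pos + length], pos + length

def _decode_integer(value):
    # Decode a DER INTEGER, insisting on a minimal, non-negative encoding.
    if not value:
        raise ValueError("empty INTEGER")
    if len(value) > 1 and value[0] == 0 and not value[1] & 0x80:
        raise ValueError("non-minimal INTEGER (redundant leading zero)")
    if value[0] & 0x80:
        raise ValueError("negative INTEGER is not a valid signature component")
    return int.from_bytes(value, "big")

def parse_signature_strict(sig):
    # Return (r, s), or raise ValueError for anything but one SEQUENCE of exactly two INTEGERs.
    tag, body, end = _read_tlv(sig, 0)
    if tag != 0x30 or end != len(sig):
        raise ValueError("expected exactly one SEQUENCE with no trailing bytes")
    tag_r, r_bytes, pos = _read_tlv(body, 0)
    tag_s, s_bytes, pos = _read_tlv(body, pos)
    if tag_r != 0x02 or tag_s != 0x02:
        raise ValueError("signature components must be INTEGERs")
    if pos != len(body):
        raise ValueError("extra elements inside signature SEQUENCE")  # the 'invisible data' case
    return _decode_integer(r_bytes), _decode_integer(s_bytes)

def is_well_formed(sig):
    try:
        return parse_signature_strict(sig) is not None
    except ValueError:
        return False

# Constructed samples (tiny r and s for readability; real values are tens of bytes each).
GOOD = bytes.fromhex("3006" "020101" "020102")              # r=1, s=2
PADDED = bytes.fromhex("300a" "020101" "020102" "04024142")  # extra OCTET STRING inside the SEQUENCE
```

A verifier that accepts only what `parse_signature_strict` accepts has exactly one valid encoding per (r, s) pair, which is what closes the channel for smuggling extra data into a signed structure.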

Solution

Update the affected bouncycastle packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1072697

https://bugzilla.opensuse.org/show_bug.cgi?id=1095722

https://bugzilla.opensuse.org/show_bug.cgi?id=1095849

https://bugzilla.opensuse.org/show_bug.cgi?id=1095850

https://bugzilla.opensuse.org/show_bug.cgi?id=1095852

https://bugzilla.opensuse.org/show_bug.cgi?id=1095853

https://bugzilla.opensuse.org/show_bug.cgi?id=1095854

https://bugzilla.opensuse.org/show_bug.cgi?id=1096022

https://bugzilla.opensuse.org/show_bug.cgi?id=1096024

https://bugzilla.opensuse.org/show_bug.cgi?id=1096025

https://bugzilla.opensuse.org/show_bug.cgi?id=1096026

Plugin Details

Severity: Medium

ID: 110530

File Name: openSUSE-2018-628.nasl

Version: 1.4

Type: local

Agent: unix

Published: 2018/06/14

Modified: 2018/09/04

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:bouncycastle, p-cpe:/a:novell:opensuse:bouncycastle-javadoc, cpe:/o:novell:opensuse:42.3

Patch Publication Date: 2018/06/14

Reference Information

CVE: CVE-2016-1000338, CVE-2016-1000339, CVE-2016-1000340, CVE-2016-1000341, CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344, CVE-2016-1000345, CVE-2016-1000346, CVE-2016-1000352, CVE-2017-13098