openSUSE Security Update : bouncycastle (openSUSE-2018-628)
Medium Nessus Plugin ID 110530
Synopsis
The remote openSUSE host is missing a security update.
Description
This update for bouncycastle to version 1.59 fixes the following
These security issues were fixed:
- CVE-2017-13098: BouncyCastle, when configured to use the
JCE (Java Cryptography Extension) for cryptographic
functions, provided a weak Bleichenbacher oracle when
any TLS cipher suite using RSA key exchange was
negotiated. An attacker can recover the private key from
a vulnerable application. This vulnerability is referred
to as 'ROBOT' (bsc#1072697).
- CVE-2016-1000338: Ensure full validation of ASN.1
encoding of signature on verification. It was possible
to inject extra elements in the sequence making up the
signature and still have it validate, which in some
cases may have allowed the introduction of 'invisible'
data into a signed structure (bsc#1095722).
- CVE-2016-1000339: Prevent AESEngine key information leak
via lookup table accesses (boo#1095853).
- CVE-2016-1000340: Prevent carry propagation bugs in the
implementation of squaring for several raw math classes
- CVE-2016-1000341: Fix DSA signature generation
vulnerability to timing attack (boo#1095852).
- CVE-2016-1000341: DSA signature generation was
vulnerable to timing attack. Where timings for the
generation of signatures could be closely observed, an
attacker may have been able to gain information about the
signature's k value and ultimately the private value as
- CVE-2016-1000342: Ensure that ECDSA does fully validate
ASN.1 encoding of signature on verification. It was
possible to inject extra elements in the sequence making
up the signature and still have it validate, which in
some cases may have allowed the introduction of
'invisible' data into a signed structure (bsc#1095850).
- CVE-2016-1000343: Prevent weak default settings for
private DSA key pair generation (boo#1095849).
- CVE-2016-1000344: Removed DHIES from the provider to
disable the unsafe usage of ECB mode (boo#1096026).
- CVE-2016-1000345: The DHIES/ECIES CBC mode was
vulnerable to padding oracle attack. In an environment
where timings can be easily observed, it was possible
with enough observations to identify when the decryption
was failing due to padding (bsc#1096025).
- CVE-2016-1000346: The other party DH public key was not
fully validated. This could have caused issues as
invalid keys could be used to reveal details about the
other party's private key where static Diffie-Hellman is
in use (bsc#1096024).
- CVE-2016-1000352: Remove ECIES from the provider to
disable the unsafe usage of ECB mode (boo#1096022).
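The ASN.1 validation issue behind CVE-2016-1000338 and CVE-2016-1000342 (extra elements injected into the signature SEQUENCE still validating) is illustrated below with an added example that is not BouncyCastle's code: a strict DER decoder for a DSA/ECDSA signature that accepts only SEQUENCE { INTEGER r, INTEGER s } with nothing else, and constructed sample signatures (not real ones) for both the clean and the injected case.

```python
# Added example (not BouncyCastle code): strict DER decoding of a
# DSA/ECDSA signature, rejecting extra elements, trailing bytes and
# non-minimal encodings, which is the check the fix adds.

def _read_tlv(buf: bytes, pos: int):
    """Parse one DER TLV at buf[pos]; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                        # long-form length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad long-form length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if length < 0x80 or buf[pos] == 0:   # DER: shortest form only
            raise ValueError("non-minimal length")
        pos += n
    if pos + length > len(buf):
        raise ValueError("length exceeds buffer")
    return tag, buf[pos:pos + length], pos + length


def _der_integer(value: bytes) -> int:
    """Decode a DER INTEGER body, enforcing minimal, non-negative encoding."""
    if not value:
        raise ValueError("empty INTEGER")
    if len(value) > 1 and value[0] == 0x00 and not (value[1] & 0x80):
        raise ValueError("non-minimal INTEGER (redundant leading zero)")
    if value[0] & 0x80:
        raise ValueError("negative INTEGER in signature")
    return int.from_bytes(value, "big")


def decode_dsa_signature(sig: bytes):
    """Return (r, s); raise ValueError on any extra or trailing data."""
    tag, body, end = _read_tlv(sig, 0)
    if tag != 0x30:
        raise ValueError("signature is not a SEQUENCE")
    if end != len(sig):
        raise ValueError("trailing bytes after SEQUENCE")
    t, r_bytes, pos = _read_tlv(body, 0)
    if t != 0x02:
        raise ValueError("r is not an INTEGER")
    t, s_bytes, pos = _read_tlv(body, pos)
    if t != 0x02:
        raise ValueError("s is not an INTEGER")
    if pos != len(body):      # nothing may follow s inside the SEQUENCE
        raise ValueError("extra elements after s in signature SEQUENCE")
    return _der_integer(r_bytes), _der_integer(s_bytes)


def accepts(sig: bytes) -> bool:
    """True if the strict decoder accepts sig, False if it rejects it."""
    try:
        decode_dsa_signature(sig)
        return True
    except ValueError:
        return False


# Constructed sample values (not real signatures): r=0x1234, s=0x7F
GOOD_SIG = bytes.fromhex("3007" "02021234" "02017f")
# Same r and s plus an injected OCTET STRING "hidden" as a third element
INJECTED_SIG = bytes.fromhex("300f" "02021234" "02017f" "040668696464656e")
```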
Solution
Update the affected bouncycastle packages.