Security update for bouncycastle
This update for bouncycastle fixes the following issues:
Security issues fixed:
- CVE-2018-1000613: Fix use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') (boo#1100694).
- CVE-2017-13098: Fix against Bleichenbacher oracle when not using the lightweight APIs (boo#1072697).
- Submitted by Tomáš Chvátal (scarabeus_iv)
Fixed bugs
bnc#1100694
VUL-0: CVE-2018-1000613: bouncycastle: prior to version 1.60 contains a CWE-470: Use of Externally-ControlledInput to Select Classes or Code ('Unsafe Reflection')
bnc#1072697
VUL-0: CVE-2017-13098: bouncycastle: TLS server vulnerable to Adaptive Chosen Ciphertext attack when using JCE allowing plaintext recovery or MITM attack