Security update for bouncycastle
This update for bouncycastle fixes the following issues:
Version update to 1.60:
* CVE-2018-1000613: Use of Externally-ControlledInput to Select Classes or Code (boo#1100694)
* Release notes:
http://www.bouncycastle.org/releasenotes.html
Version update to 1.59:
* CVE-2017-13098: Fix against Bleichenbacher oracle when not
using the lightweight APIs (boo#1072697).
* Release notes:
http://www.bouncycastle.org/releasenotes.html
-
Submitted by
Pedro Monreal Gonzalez (pmonrealgonzalez)
Fixed bugs
bnc#1100694
VUL-0: CVE-2018-1000613: bouncycastle: prior to version 1.60 contains a CWE-470: Use of Externally-ControlledInput to Select Classes or Code ('Unsafe Reflection')
bnc#1072697
VUL-0: CVE-2017-13098: bouncycastle: TLS server vulnerable to Adaptive Chosen Ciphertext attack when using JCE allowing plaintext recovery or MITM attack
