Overview

File _patchinfo of Package patchinfo.8242

<patchinfo incident="8242">
  <issue tracker="bnc" id="1095854">VUL-0: CVE-2016-1000340: bouncycastle: In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bugwas introduced in the implementation of squaring for several raw math classeshave been fixed (org.bouncycastle.math.raw.Nat???). Thes</issue>
  <issue tracker="bnc" id="1095853">VUL-0: CVE-2016-1000339: bouncycastle: In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engineclass used for AES was AESFastEngine. Due to the highly table driven approachused in the algorithm it turns out that if the data channel</issue>
  <issue tracker="bnc" id="1095852">VUL-0: CVE-2016-1000341: bouncycastle: In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signaturegeneration is vulnerable to timing attack. Where timings can be closely observedfor the generation of signatures, the lack of blinding in 1.5</issue>
  <issue tracker="bnc" id="1095850">VUL-0: CVE-2016-1000342: bouncycastle: In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fullyvalidate ASN.1 encoding of signature on verification. It is possible to injectextra elements in the sequence making up the signature a</issue>
  <issue tracker="bnc" id="1072697">VUL-0: CVE-2017-13098: bouncycastle: TLS server vulnerable to Adaptive Chosen Ciphertext attack when using JCE allowing plaintext recovery or MITM attack</issue>
  <issue tracker="bnc" id="1096026">VUL-0: CVE-2016-1000344: bouncycastle: DHIES implementation allowed the use of ECB mode</issue>
  <issue tracker="bnc" id="1096025">VUL-0: CVE-2016-1000345: bouncycastle: DHIES/ECIES CBC mode vulnerable to padding oracle attack</issue>
  <issue tracker="bnc" id="1096024">VUL-0: CVE-2016-1000346: bouncycastle: other party DH public key is not fully validated</issue>
  <issue tracker="bnc" id="1095849">VUL-0: CVE-2016-1000343: bouncycastle: In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pairgenerator generates a weak private key if used with default values. If the JCAkey pair generator is not explicitly initialised with DSA pa</issue>
  <issue tracker="bnc" id="1096022">VUL-0: CVE-2016-1000352: bouncycastle: implementation allowed the use of ECB mode</issue>
  <issue tracker="bnc" id="1095722">VUL-0: CVE-2016-1000338: bouncycastle: In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fullyvalidate ASN.1 encoding of signature on verification. It is possible to injectextra elements in the sequence making up the signature and</issue>
  <issue tracker="cve" id="2016-1000338"/>
  <issue tracker="cve" id="2016-1000342"/>
  <issue tracker="cve" id="2016-1000352"/>
  <issue tracker="cve" id="2017-13098"/>
  <issue tracker="cve" id="2016-1000343"/>
  <issue tracker="cve" id="2016-1000340"/>
  <issue tracker="cve" id="2016-1000341"/>
  <issue tracker="cve" id="2016-1000346"/>
  <issue tracker="cve" id="2016-1000339"/>
  <issue tracker="cve" id="2016-1000344"/>
  <issue tracker="cve" id="2016-1000345"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>abergmann</packager>
  <description>This update for bouncycastle to version 1.59 fixes the following issues:

These security issues were fixed:

- CVE-2017-13098: BouncyCastle, when configured to use the JCE (Java
  Cryptography Extension) for cryptographic functions, provided a weak
  Bleichenbacher oracle when any TLS cipher suite using RSA key exchange was
  negotiated. An attacker can recover the private key from a vulnerable
  application. This vulnerability is referred to as "ROBOT" (bsc#1072697).
- CVE-2016-1000338: Ensure full validation of ASN.1 encoding of signature on
  verification. It was possible to inject extra elements in the sequence making
  up the signature and still have it validate, which in some cases may have
  allowed the introduction of 'invisible' data into a signed structure
  (bsc#1095722).
- CVE-2016-1000339: Prevent AESEngine key information leak via lookup table
  accesses (boo#1095853).
- CVE-2016-1000340: Preventcarry propagation bugs in the implementation of
  squaring for several raw math classes (boo#1095854).
- CVE-2016-1000341: Fix DSA signature generation vulnerability to timing attack
  (boo#1095852).
- CVE-2016-1000341: DSA signature generation was vulnerable to timing attack.
  Where timings can be closely observed for the generation of signatures may have
  allowed an attacker to gain information about the signature's k value and
  ultimately the private value as well (bsc#1095852).
- CVE-2016-1000342: Ensure that ECDSA does fully validate ASN.1 encoding of
  signature on verification. It was possible to inject extra elements in the
  sequence making up the signature and still have it validate, which in some
  cases may have allowed the introduction of 'invisible' data into a signed
  structure (bsc#1095850).
- CVE-2016-1000343: Prevent weak default settings for private DSA key pair
  generation (boo#1095849).
- CVE-2016-1000344: Removed DHIES from the provider to disable the unsafe usage
  of ECB mode (boo#1096026).
- CVE-2016-1000345: The DHIES/ECIES CBC mode was vulnerable to padding oracle
  attack. In an environment where timings can be easily observed, it was possible
  with enough observations to identify when the decryption is failing due to
  padding (bsc#1096025).
- CVE-2016-1000346: The other party DH public key was not fully validated. This
  could have caused issues as invalid keys could be used to reveal details about
  the other party's private key where static Diffie-Hellman is in use
  (bsc#1096024).
- CVE-2016-1000352: Remove ECIES from the provider to disable the unsafe usage
  of ECB mode (boo#1096022).
</description>
  <summary>Security update for bouncycastle</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places