Описание
Security update for bouncycastle
This update for bouncycastle fixes the following issues:
- CVE-2020-15522: Fixed a timing issue within the EC math library (bsc#1186328).
Список пакетов
Container containers/apache-pulsar:3.3
bouncycastle-1.64-3.3.1
bouncycastle-pkix-1.64-3.3.1
SUSE Linux Enterprise Module for Development Tools 15 SP2
bouncycastle-1.64-3.3.1
bouncycastle-pg-1.64-3.3.1
SUSE Linux Enterprise Module for Development Tools 15 SP3
bouncycastle-1.64-3.3.1
bouncycastle-pg-1.64-3.3.1
Ссылки
- Link for SUSE-SU-2021:2163-1
- E-Mail link for SUSE-SU-2021:2163-1
- SUSE Security Ratings
- SUSE Bug 1186328
- SUSE CVE CVE-2020-15522 page
Описание
Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures.
Затронутые продукты
Container containers/apache-pulsar:3.3:bouncycastle-1.64-3.3.1
Container containers/apache-pulsar:3.3:bouncycastle-pkix-1.64-3.3.1
SUSE Linux Enterprise Module for Development Tools 15 SP2:bouncycastle-1.64-3.3.1
SUSE Linux Enterprise Module for Development Tools 15 SP2:bouncycastle-pg-1.64-3.3.1
Ссылки
- CVE-2020-15522
- SUSE Bug 1186328