Описание
Security update for bouncycastle
This update for bouncycastle fixes the following issues:
Update to version 1.78.1, including fixes for:
- CVE-2024-30171: Fixed timing side-channel attacks against RSA decryption (both PKCS#1v1.5 and OAEP). (bsc#1223252)
Список пакетов
Container containers/apache-pulsar:3.3
bouncycastle-1.78.1-150200.3.29.1
bouncycastle-pkix-1.78.1-150200.3.29.1
bouncycastle-util-1.78.1-150200.3.29.1
SUSE Enterprise Storage 7.1
bouncycastle-1.78.1-150200.3.29.1
bouncycastle-pg-1.78.1-150200.3.29.1
bouncycastle-pkix-1.78.1-150200.3.29.1
bouncycastle-util-1.78.1-150200.3.29.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
bouncycastle-1.78.1-150200.3.29.1
bouncycastle-pg-1.78.1-150200.3.29.1
bouncycastle-pkix-1.78.1-150200.3.29.1
bouncycastle-util-1.78.1-150200.3.29.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
bouncycastle-1.78.1-150200.3.29.1
bouncycastle-pg-1.78.1-150200.3.29.1
bouncycastle-pkix-1.78.1-150200.3.29.1
bouncycastle-util-1.78.1-150200.3.29.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
bouncycastle-1.78.1-150200.3.29.1
bouncycastle-pg-1.78.1-150200.3.29.1
bouncycastle-pkix-1.78.1-150200.3.29.1
bouncycastle-util-1.78.1-150200.3.29.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
bouncycastle-1.78.1-150200.3.29.1
bouncycastle-pg-1.78.1-150200.3.29.1
bouncycastle-pkix-1.78.1-150200.3.29.1
bouncycastle-util-1.78.1-150200.3.29.1
SUSE Linux Enterprise Module for Development Tools 15 SP5
bouncycastle-1.78.1-150200.3.29.1
bouncycastle-pg-1.78.1-150200.3.29.1
bouncycastle-pkix-1.78.1-150200.3.29.1
bouncycastle-util-1.78.1-150200.3.29.1
SUSE Linux Enterprise Server 15 SP2-LTSS
bouncycastle-1.78.1-150200.3.29.1
bouncycastle-pg-1.78.1-150200.3.29.1
bouncycastle-pkix-1.78.1-150200.3.29.1
bouncycastle-util-1.78.1-150200.3.29.1
SUSE Linux Enterprise Server 15 SP3-LTSS
bouncycastle-1.78.1-150200.3.29.1
bouncycastle-pg-1.78.1-150200.3.29.1
bouncycastle-pkix-1.78.1-150200.3.29.1
bouncycastle-util-1.78.1-150200.3.29.1
SUSE Linux Enterprise Server 15 SP4-LTSS
bouncycastle-1.78.1-150200.3.29.1
bouncycastle-pg-1.78.1-150200.3.29.1
bouncycastle-pkix-1.78.1-150200.3.29.1
bouncycastle-util-1.78.1-150200.3.29.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
bouncycastle-1.78.1-150200.3.29.1
bouncycastle-pg-1.78.1-150200.3.29.1
bouncycastle-pkix-1.78.1-150200.3.29.1
bouncycastle-util-1.78.1-150200.3.29.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
bouncycastle-1.78.1-150200.3.29.1
bouncycastle-pg-1.78.1-150200.3.29.1
bouncycastle-pkix-1.78.1-150200.3.29.1
bouncycastle-util-1.78.1-150200.3.29.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
bouncycastle-1.78.1-150200.3.29.1
bouncycastle-pg-1.78.1-150200.3.29.1
bouncycastle-pkix-1.78.1-150200.3.29.1
bouncycastle-util-1.78.1-150200.3.29.1
openSUSE Leap 15.5
bouncycastle-1.78.1-150200.3.29.1
bouncycastle-javadoc-1.78.1-150200.3.29.1
bouncycastle-jmail-1.78.1-150200.3.29.1
bouncycastle-mail-1.78.1-150200.3.29.1
bouncycastle-pg-1.78.1-150200.3.29.1
bouncycastle-pkix-1.78.1-150200.3.29.1
bouncycastle-tls-1.78.1-150200.3.29.1
bouncycastle-util-1.78.1-150200.3.29.1
Ссылки
- Link for SUSE-SU-2024:1539-1
- E-Mail link for SUSE-SU-2024:1539-1
- SUSE Security Ratings
- SUSE Bug 1223252
- SUSE CVE CVE-2024-30171 page
Описание
An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing.
Затронутые продукты
Container containers/apache-pulsar:3.3:bouncycastle-1.78.1-150200.3.29.1
Container containers/apache-pulsar:3.3:bouncycastle-pkix-1.78.1-150200.3.29.1
Container containers/apache-pulsar:3.3:bouncycastle-util-1.78.1-150200.3.29.1
SUSE Enterprise Storage 7.1:bouncycastle-1.78.1-150200.3.29.1
Ссылки
- CVE-2024-30171
- SUSE Bug 1223252