openSUSE-SU-2015:1911-1

Опубликовано: 23 окт. 2015

Источник: suse-cvrf

Описание

Security update for bouncycastle

bouncycastle was updated to version 1.53 to fix one security issue.

This security issue was fixed:

CVE-2015-7940: Invalid curve attack (bsc#951727).

Список пакетов

openSUSE Leap 42.1

bouncycastle-1.53-16.1

bouncycastle-javadoc-1.53-16.1

Ссылки

https://lists.opensuse.org/opensuse-security-announce/2015-11/msg00012.html
E-Mail link for openSUSE-SU-2015:1911-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack."

Затронутые продукты

openSUSE Leap 42.1:bouncycastle-1.53-16.1

openSUSE Leap 42.1:bouncycastle-javadoc-1.53-16.1

Ссылки

https://www.suse.com/security/cve/CVE-2015-7940.html
CVE-2015-7940
https://bugzilla.suse.com/951727
SUSE Bug 951727

openSUSE-SU-2015:1911-1

Описание

Список пакетов

openSUSE Leap 42.1

Ссылки

Уязвимость: CVE-2015-7940

Описание

Затронутые продукты

Ссылки