openSUSE-SU-2016:0605-1

Опубликовано: 28 фев. 2016

Источник: suse-cvrf

Описание

Security update for bouncycastle

This update to bouncycastle 1.54 fixes the following issues:

CVE-2015-7575: add validation that signature algorithm received in DigitallySigned structures is actually one of those offered (boo#967521)

Список пакетов

openSUSE Leap 42.1

bouncycastle-1.54-19.1

bouncycastle-javadoc-1.54-19.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2016-02/msg00166.html
E-Mail link for openSUSE-SU-2016:0605-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.

Затронутые продукты

openSUSE Leap 42.1:bouncycastle-1.54-19.1

openSUSE Leap 42.1:bouncycastle-javadoc-1.54-19.1

Ссылки

https://www.suse.com/security/cve/CVE-2015-7575.html
CVE-2015-7575
https://bugzilla.suse.com/959888
SUSE Bug 959888
https://bugzilla.suse.com/960402
SUSE Bug 960402
https://bugzilla.suse.com/960996
SUSE Bug 960996
https://bugzilla.suse.com/961280
SUSE Bug 961280
https://bugzilla.suse.com/961281
SUSE Bug 961281
https://bugzilla.suse.com/961282
SUSE Bug 961282
https://bugzilla.suse.com/961283
SUSE Bug 961283
https://bugzilla.suse.com/961284
SUSE Bug 961284
https://bugzilla.suse.com/961290
SUSE Bug 961290
https://bugzilla.suse.com/961357
SUSE Bug 961357
https://bugzilla.suse.com/962743
SUSE Bug 962743
https://bugzilla.suse.com/963937
SUSE Bug 963937
https://bugzilla.suse.com/967521
SUSE Bug 967521
https://bugzilla.suse.com/981087
SUSE Bug 981087

openSUSE-SU-2016:0605-1

Описание

Список пакетов

openSUSE Leap 42.1

Ссылки

Уязвимость: CVE-2015-7575

Описание

Затронутые продукты

Ссылки