openSUSE-SU-2021:0940-1

Опубликовано: 29 июн. 2021

Источник: suse-cvrf

Описание

Security update for bouncycastle

This update for bouncycastle fixes the following issues:

CVE-2020-15522: Fixed a timing issue within the EC math library (bsc#1186328).

This update was imported from the SUSE:SLE-15-SP2:Update update project.

Список пакетов

openSUSE Leap 15.2

bouncycastle-1.64-lp152.2.3.1

bouncycastle-javadoc-1.64-lp152.2.3.1

bouncycastle-mail-1.64-lp152.2.3.1

bouncycastle-pg-1.64-lp152.2.3.1

bouncycastle-pkix-1.64-lp152.2.3.1

bouncycastle-tls-1.64-lp152.2.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WSUJOEQHX6WIC7O7EQMIAET7L3ZTQKGM/
E-Mail link for openSUSE-SU-2021:0940-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1186328
SUSE Bug 1186328
https://www.suse.com/security/cve/CVE-2020-15522/
SUSE CVE CVE-2020-15522 page

Описание

Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures.

Затронутые продукты

openSUSE Leap 15.2:bouncycastle-1.64-lp152.2.3.1

openSUSE Leap 15.2:bouncycastle-javadoc-1.64-lp152.2.3.1

openSUSE Leap 15.2:bouncycastle-mail-1.64-lp152.2.3.1

openSUSE Leap 15.2:bouncycastle-pg-1.64-lp152.2.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-15522.html
CVE-2020-15522
https://bugzilla.suse.com/1186328
SUSE Bug 1186328

openSUSE-SU-2021:0940-1

Описание

Список пакетов

openSUSE Leap 15.2

Ссылки

Уязвимость: CVE-2020-15522

Описание

Затронутые продукты

Ссылки