Professional OVAL Repository
OVAL Definition Details
Id
oval:com.altx-soft.nix:def:32464
Version
2
Class
patch
ALTXid
181079
Language
English
Severity
Medium
Title
openSUSE-SU-2018:1689-1 -- Security update for bouncycastle
Description
BouncyCastle, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provided a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange was negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as 'ROBOT' (bsc#1072697)
Family
unix
Platform
openSUSE Leap 42.3
Product
bouncycastle
Reference
VENDOR: openSUSE-SU-2018:1689-1
Id:
openSUSE-SU-2018:1689-1
Reference:
http://lists.opensuse.org/opensuse-security-announce/2018-06/msg00025.html
CVE: CVE-2016-1000338
Id:
CVE-2016-1000338
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000338
Comment:
In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N
CWE:
347 (Improper Verification of Cryptographic Signature)
References:
RHSA-2018:2669 (REDHAT)
RHSA-2018:2927 (REDHAT)
https://github.com/bcgit/bc-java/commit/b0c3ce99d43d73a096268831d0d120ffc89eac7f#diff-3679f5a9d2b939d0d3ee1601a7774fb0 (CONFIRM)
[debian-lts-announce] 20180707 [SECURITY] [DLA 1418-1] bouncycastle security update (MLIST)
USN-3727-1 (UBUNTU)
CVE: CVE-2016-1000339
Id:
CVE-2016-1000339
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000339
Comment:
In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven approach used in the algorithm it turns out that if the data channel on the CPU can be monitored the lookup table accesses are sufficient to leak information on the AES key being used. There was also a leak in AESEngine although it was substantially less. AESEngine has been modified to remove any signs of leakage (testing carried out on Intel X86-64) and is now the primary AES class for the BC JCE provider from 1.56. Use of AESFastEngine is now only recommended where otherwise deemed appropriate.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE:
310 (Cryptographic Issues)
References:
RHSA-2018:2669 (REDHAT)
RHSA-2018:2927 (REDHAT)
https://github.com/bcgit/bc-java/commit/413b42f4d770456508585c830cfcde95f9b0e93b#diff-54656f860db94b867ba7542430cd2ef0 (CONFIRM)
https://github.com/bcgit/bc-java/commit/8a73f08931450c17c749af067b6a8185abdfd2c0#diff-494fb066bed02aeb76b6c005632943f2 (CONFIRM)
[debian-lts-announce] 20180707 [SECURITY] [DLA 1418-1] bouncycastle security update (MLIST)
https://security.netapp.com/advisory/ntap-20181127-0004/ (CONFIRM)
USN-3727-1 (UBUNTU)
CVE: CVE-2016-1000340
Id:
CVE-2016-1000340
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000340
Comment:
In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes (org.bouncycastle.math.raw.Nat???); these have since been fixed. These classes are used by our custom elliptic curve implementations (org.bouncycastle.math.ec.custom.**), so there was the possibility of rare (in general usage) spurious calculations for elliptic curve scalar multiplications. Such errors would have been detected with high probability by the output validation for our scalar multipliers.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N
CWE:
19 (Data Handling)
References:
RHSA-2018:2669 (REDHAT)
RHSA-2018:2927 (REDHAT)
https://github.com/bcgit/bc-java/commit/790642084c4e0cadd47352054f868cc8397e2c00#diff-e5934feac8203ca0104ab291a3560a31 (CONFIRM)
https://security.netapp.com/advisory/ntap-20181127-0004/ (CONFIRM)
CVE: CVE-2016-1000341
Id:
CVE-2016-1000341
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000341
Comment:
In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55, or earlier, may allow an attacker to gain information about the signature's k value and ultimately the private value as well.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE:
361 (Time and State)
References:
RHSA-2018:2669 (REDHAT)
RHSA-2018:2927 (REDHAT)
https://github.com/bcgit/bc-java/commit/acaac81f96fec91ab45bd0412beaf9c3acd8defa#diff-e75226a9ca49217a7276b29242ec59ce (CONFIRM)
[debian-lts-announce] 20180707 [SECURITY] [DLA 1418-1] bouncycastle security update (MLIST)
https://security.netapp.com/advisory/ntap-20181127-0004/ (CONFIRM)
USN-3727-1 (UBUNTU)
CVE: CVE-2016-1000342
Id:
CVE-2016-1000342
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000342
Comment:
In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N
CWE:
347 (Improper Verification of Cryptographic Signature)
References:
RHSA-2018:2669 (REDHAT)
RHSA-2018:2927 (REDHAT)
https://github.com/bcgit/bc-java/commit/843c2e60f67d71faf81d236f448ebbe56c62c647#diff-25c3c78db788365f36839b3f2d3016b9 (CONFIRM)
[debian-lts-announce] 20180707 [SECURITY] [DLA 1418-1] bouncycastle security update (MLIST)
https://security.netapp.com/advisory/ntap-20181127-0004/ (CONFIRM)
USN-3727-1 (UBUNTU)
CVE: CVE-2016-1000343
Id:
CVE-2016-1000343
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000343
Comment:
In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size. In earlier releases this can be dealt with by explicitly passing parameters to the key pair generator.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE:
310 (Cryptographic Issues)
References:
RHSA-2018:2669 (REDHAT)
RHSA-2018:2927 (REDHAT)
https://github.com/bcgit/bc-java/commit/50a53068c094d6cff37659da33c9b4505becd389#diff-5578e61500abb2b87b300d3114bdfd7d (CONFIRM)
[debian-lts-announce] 20180707 [SECURITY] [DLA 1418-1] bouncycastle security update (MLIST)
https://security.netapp.com/advisory/ntap-20181127-0004/ (CONFIRM)
USN-3727-1 (UBUNTU)
CVE: CVE-2016-1000344
Id:
CVE-2016-1000344
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000344
Comment:
In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.
CVSSv2 Score:
5.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:N
CWE:
310 (Cryptographic Issues)
References:
RHSA-2018:2669 (REDHAT)
RHSA-2018:2927 (REDHAT)
https://github.com/bcgit/bc-java/commit/9385b0ebd277724b167fe1d1456e3c112112be1f (CONFIRM)
https://security.netapp.com/advisory/ntap-20181127-0004/ (CONFIRM)
CVE: CVE-2016-1000345
Id:
CVE-2016-1000345
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000345
Comment:
In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode is vulnerable to a padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE:
361 (Time and State)
References:
RHSA-2018:2669 (REDHAT)
RHSA-2018:2927 (REDHAT)
https://github.com/bcgit/bc-java/commit/21dcb3d9744c83dcf2ff8fcee06dbca7bfa4ef35#diff-4439ce586bf9a13bfec05c0d113b8098 (CONFIRM)
[debian-lts-announce] 20180707 [SECURITY] [DLA 1418-1] bouncycastle security update (MLIST)
https://security.netapp.com/advisory/ntap-20181127-0004/ (CONFIRM)
USN-3727-1 (UBUNTU)
CVE: CVE-2016-1000346
Id:
CVE-2016-1000346
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000346
Comment:
In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be used to reveal details about the other party's private key where static Diffie-Hellman is in use. As of release 1.56 the key parameters are checked on agreement calculation.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE:
320 (Key Management Errors)
References:
RHSA-2018:2669 (REDHAT)
RHSA-2018:2927 (REDHAT)
https://github.com/bcgit/bc-java/commit/1127131c89021612c6eefa26dbe5714c194e7495#diff-d525a20b8acaed791ae2f0f770eb5937 (CONFIRM)
[debian-lts-announce] 20180707 [SECURITY] [DLA 1418-1] bouncycastle security update (MLIST)
https://security.netapp.com/advisory/ntap-20181127-0004/ (CONFIRM)
USN-3727-1 (UBUNTU)
CVE: CVE-2016-1000352
Id:
CVE-2016-1000352
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000352
Comment:
In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.
CVSSv2 Score:
5.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:N
CWE:
310 (Cryptographic Issues)
References:
RHSA-2018:2669 (REDHAT)
RHSA-2018:2927 (REDHAT)
https://github.com/bcgit/bc-java/commit/9385b0ebd277724b167fe1d1456e3c112112be1f (CONFIRM)
https://security.netapp.com/advisory/ntap-20181127-0004/ (CONFIRM)
CVE: CVE-2017-13098
Id:
CVE-2017-13098
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13098
Comment:
BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as "ROBOT."
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSSv3 Score:
5.9
Attack vector:
NETWORK
Attack complexity:
HIGH
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE:
203 (Information Exposure Through Discrepancy)
References:
https://robotattack.org/ (MISC)
https://github.com/bcgit/bc-java/commit/a00b684465b38d722ca9a3543b8af8568e6bad5c (CONFIRM)
VU#144389 (CERT-VN)
102195 (BID)
DSA-4072 (DEBIAN)
https://security.netapp.com/advisory/ntap-20171222-0001/ (CONFIRM)
openSUSE-SU-2020:0607 (SUSE)
https://www.oracle.com/security-alerts/cpuoct2020.html (MISC)