A security issue in bouncycastle has been announced on December 12: http://openwall.com/lists/oss-security/2017/12/12/6 An upstream commit to fix the issue is linked in the message above. Mageia 5 and Mageia 6 are also affected.
Whiteboard: (none) => MGA6TOO, MGA5TOO
CC: (none) => geiger.david68210
Blocks: (none) => 20660
Debian has issued an advisory for this on December 21: https://www.debian.org/security/2017/dsa-4072
We won't be fixing this type of package for Mageia 5.
Whiteboard: MGA6TOO, MGA5TOO => MGA6TOO
Status comment: (none) => Patches available from Debian and upstream
openSUSE has issued an advisory for this today (June 14): https://lists.opensuse.org/opensuse-updates/2018-06/msg00085.html It also fixes several other issues. The issues are all fixed upstream in 1.59.
Summary: bouncycastle new security issue CVE-2017-13098 => bouncycastle new security issues CVE-2016-100033[89], CVE-2016-100034[0-6], CVE-2016-1000352, CVE-2017-13098
Status comment: Patches available from Debian and upstream => Fixed upstream in 1.59
Fedora has issued an advisory today (June 18): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FLX7FYBQSMDXTMJH2V7CQ5YZFM6AOC7C/ It fixes one additional issue (fix backported from 1.60beta4).
Severity: normal => major
Status comment: Fixed upstream in 1.59 => Fixed upstream in 1.59 plus patch from Fedora
Summary: bouncycastle new security issues CVE-2016-100033[89], CVE-2016-100034[0-6], CVE-2016-1000352, CVE-2017-13098 => bouncycastle new security issues CVE-2016-100033[89], CVE-2016-100034[0-6], CVE-2016-1000352, CVE-2017-13098, CVE-2018-1000180
Debian has issued an advisory for the new issue on June 22: https://www.debian.org/security/2018/dsa-4233
Ubuntu has issued an advisory for some of these issues on August 1: https://usn.ubuntu.com/3727-1/
openSUSE has issued an advisory on July 28: https://lists.opensuse.org/opensuse-updates/2018-07/msg00089.html It fixes a new issue that was fixed upstream in 1.60.
Summary: bouncycastle new security issues CVE-2016-100033[89], CVE-2016-100034[0-6], CVE-2016-1000352, CVE-2017-13098, CVE-2018-1000180 => bouncycastle new security issues CVE-2016-100033[89], CVE-2016-100034[0-6], CVE-2016-1000352, CVE-2017-13098, CVE-2018-1000180, CVE-2018-1000613
Status comment: Fixed upstream in 1.59 plus patch from Fedora => Fixed upstream in 1.60 plus patch from Fedora
Fedora has issued an advisory for this on August 30: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DVJFLR42744ESQ5QECN4RJQ3HQYFDOTW/
Done for Cauldron and mga6, updating to the latest 1.60 release! Note that the mail, pg, pkix and tls modules are now part of the bouncycastle main package.
Thanks David!

Advisory:
========================

Updated bouncycastle packages fix security vulnerabilities:

Ensure full validation of ASN.1 encoding of signature on verification. It was possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may have allowed the introduction of 'invisible' data into a signed structure (CVE-2016-1000338).

Prevent AESEngine key information leak via lookup table accesses (CVE-2016-1000339).

Prevent carry propagation bugs in the implementation of squaring for several raw math classes (CVE-2016-1000340).

Fix DSA signature generation vulnerability to timing attack (CVE-2016-1000341).

DSA signature generation was vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, this may have allowed an attacker to gain information about the signature's k value and ultimately the private value as well (CVE-2016-1000341).

Ensure that ECDSA does fully validate ASN.1 encoding of signature on verification. It was possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may have allowed the introduction of 'invisible' data into a signed structure (CVE-2016-1000342).

Prevent weak default settings for private DSA key pair generation (CVE-2016-1000343).

Removed DHIES from the provider to disable the unsafe usage of ECB mode (CVE-2016-1000344).

The DHIES/ECIES CBC mode was vulnerable to padding oracle attack. In an environment where timings can be easily observed, it was possible with enough observations to identify when the decryption is failing due to padding (CVE-2016-1000345).

The other party DH public key was not fully validated. This could have caused issues as invalid keys could be used to reveal details about the other party's private key where static Diffie-Hellman is in use (CVE-2016-1000346).

Remove ECIES from the provider to disable the unsafe usage of ECB mode (CVE-2016-1000352).

BouncyCastle, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provided a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange was negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as "ROBOT" (CVE-2017-13098).

It was discovered that the low-level interface to the RSA key pair generator of Bouncy Castle (a Java implementation of cryptographic algorithms) could perform fewer Miller-Rabin primality tests than expected (CVE-2018-1000180).

Fix use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') (CVE-2018-1000613).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000338
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000340
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000341
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000342
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000343
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000344
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000345
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000346
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13098
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000613
https://lists.opensuse.org/opensuse-updates/2018-06/msg00085.html
https://www.debian.org/security/2018/dsa-4233
https://lists.opensuse.org/opensuse-updates/2018-07/msg00089.html
========================

Updated packages in core/updates_testing:
========================
bouncycastle-1.60-1.mga6
bouncycastle-javadoc-1.60-1.mga6
bouncycastle-mail-1.60-1.mga6
bouncycastle-pg-1.60-1.mga6
bouncycastle-pkix-1.60-1.mga6
bouncycastle-tls-1.60-1.mga6

from bouncycastle-1.60-1.mga6.src.rpm
Whiteboard: MGA6TOO => (none)
Version: Cauldron => 6
Assignee: mageia => qa-bugs
Keywords: (none) => advisory
CC: (none) => tmb
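The two ASN.1 validation fixes in the advisory above (CVE-2016-1000338 and CVE-2016-1000342) concern a verifier that decodes r and s from the signature SEQUENCE and ignores anything else inside or after it. The following Python decoder is an added illustration, not Bouncy Castle code or the Mageia test program: it contrasts that lenient behaviour with a strict DER decoder on constructed signatures, the kind of check a verifier should apply before any mathematics.

```python
def _read_length(buf, pos):
    """Return (length, next_pos); short form, or minimal long form up to 4 bytes."""
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    nbytes, raw = first & 0x7F, buf[pos + 1:pos + 1 + (first & 0x7F)]
    if not 0 < nbytes <= 4 or len(raw) != nbytes or raw[0] == 0 or (nbytes == 1 and raw[0] < 0x80):
        raise ValueError("bad or non-minimal length encoding")
    return int.from_bytes(raw, "big"), pos + 1 + nbytes

def _read_integer(buf, pos):
    """Read one DER INTEGER; r and s must be positive and minimally encoded."""
    if pos >= len(buf) or buf[pos] != 0x02:
        raise ValueError("expected INTEGER")
    length, pos = _read_length(buf, pos + 1)
    body = buf[pos:pos + length]
    if length == 0 or len(body) != length or body[0] & 0x80:
        raise ValueError("truncated or negative INTEGER")
    if length > 1 and body[0] == 0 and not body[1] & 0x80:
        raise ValueError("non-minimal INTEGER encoding")
    return int.from_bytes(body, "big"), pos + length

def parse_signature_strict(sig):
    """Accept only SEQUENCE { INTEGER r, INTEGER s } with nothing else inside or after it."""
    if not sig or sig[0] != 0x30:
        raise ValueError("expected SEQUENCE")
    seq_len, pos = _read_length(sig, 1)
    if pos + seq_len != len(sig):
        raise ValueError("trailing bytes after signature SEQUENCE")
    r, pos = _read_integer(sig, pos)
    s, pos = _read_integer(sig, pos)
    if pos != len(sig):
        raise ValueError("extra elements inside signature SEQUENCE")
    return r, s

def parse_signature_lenient(sig):
    """The pre-fix behaviour the advisory describes: take r and s, ignore whatever follows."""
    _, pos = _read_length(sig, 1)
    r, pos = _read_integer(sig, pos)
    return r, _read_integer(sig, pos)[0]

def strict_accepts(sig):
    try:
        return parse_signature_strict(sig) is not None
    except (ValueError, IndexError):
        return False

# Constructed samples (r = 1, s = 2). The second smuggles an OCTET STRING "abc" inside the
# SEQUENCE, the third appends two bytes after it; a lenient decoder never sees either.
GOOD = bytes.fromhex("3006020101020102")
EXTRA_ELEMENT = bytes.fromhex("300b0201010201020403616263")
TRAILING_BYTES = GOOD + b"\x00\x00"
```

Both tampered encodings decode to the same (r, s) under the lenient decoder, so a signature over the original data still verifies while the hidden bytes travel with it; the strict decoder rejects them before verification.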
Created attachment 10363
Source Code does Symmetric Encryption/Decryption with bouncycastle

Extract the two files to a location. You'll need to install javac (openjdk dev). In the directory you pulled the source, to compile you do:

javac -cp .:/usr/share/java/bcprov.jar bouncySym.java

If it compiles then you can run it like this:

$ java -cp .:/usr/share/java/bcprov.jar bouncySym "Encrypt Me"
CC: (none) => brtians1
$ uname -a
Linux localhost 4.14.65-desktop-1.mga6 #1 SMP Sat Aug 18 14:50:29 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
$ javac -cp .:/usr/share/java/bcprov.jar bouncySym.java
$ java -cp .:/usr/share/java/bcprov.jar bouncySym "Hello my name is Brian"
Hello my name is Brian
Encrypted : 71282df655ec2f24c11911b835fa8f5ab046cbe1f82fda4bfb5b8a2b60e18112
Hello my name is Brian
Whiteboard: (none) => MGA6-64-OK
The following 4 packages are going to be installed:
- bouncycastle-1.60-1.mga6.noarch
- bouncycastle-mail-1.60-1.mga6.noarch
- bouncycastle-pkix-1.60-1.mga6.noarch
- bouncycastle-tls-1.60-1.mga6.noarch
1.3MB of additional disk space will be used.
5.3MB of packages will be retrieved.

Installed openjdk_devel then did the below:

[brian@localhost Downloads]$ javac -cp .:/usr/share/java/bcprov.jar bouncySym.java
[brian@localhost Downloads]$ java -cp .:/usr/share/java/bcprov.jar bouncySym "Encrypt Me"
Encrypt Me
Encrypted : bbe9ce8b4928a7f6b15f12da546dc4fe
Encrypt Me
Whiteboard: MGA6-64-OK => MGA6-64-OK mga6-32-ok
Looks OK to me. Validating...
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0376.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED
This update also fixed CVE-2015-6644: https://bugzilla.redhat.com/show_bug.cgi?id=1444015