FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

The Bouncy Castle Crypto APIs: CVE-2017-13098 ("ROBOT")

Affected packages
bouncycastle < 1.59
bouncycastle15 < 1.59


VuXML ID 6a131fbf-ec76-11e7-aa65-001b216d295b
Discovery 2017-12-12
Entry 2017-12-29

The Legion of the Bouncy Castle reports:

Release: 1.59

CVE-2017-13098 ("ROBOT"), a Bleichenbacher oracle in TLS when RSA key exchange is negotiated. This potentially affected BCJSSE servers and any other TLS servers configured to use JCE for the underlying crypto - note the two TLS implementations using the BC lightweight APIs are not affected by this.


CVE Name CVE-2017-13098