FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Several Security Defects in the Bouncy Castle Crypto APIs

Affected packages
bouncycastle < 1.60
bouncycastle15 < 1.60
0 <= puppetserver
puppetserver5 < 5.3.8
puppetserver6 < 6.2.1

Details

VuXML ID fe93803c-883f-11e8-9f0c-001b216d295b
Discovery 2018-06-30
Entry 2018-07-15

The Legion of the Bouncy Castle reports:

Release 1.60 is now available for download.

CVE-2018-1000180: issue around primality tests for RSA key pair generation if done using only the low-level API.

CVE-2018-1000613: lack of class checking in deserialization of XMSS/XMSS^MT private keys with BDS state information.

[source]

References

CVE Name CVE-2018-1000180
CVE Name CVE-2018-1000613
URL https://www.bouncycastle.org/latest_releases.html

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.