[FREEBSD:FE93803C-883F-11E8-9F0C-001B216D295B] Several Security Defects in the Bouncy Castle Crypto APIs
Severity
Critical
Affected Packages
5
CVEs
2
The Legion of the Bouncy Castle reports:
Release 1.60 is now available for download.
CVE-2018-1000180: issue around primality tests for RSA key pair
generation if done using only the low-level API.
CVE-2018-1000613: lack of class checking in deserialization
of XMSS/XMSS^MT private keys with BDS state information.
Package | Affected Version |
---|---|
pkg:freebsd/puppetserver6 | < 6.2.1 |
pkg:freebsd/puppetserver5 | < 5.3.8 |
pkg:freebsd/puppetserver | |
pkg:freebsd/bouncycastle15 | < 1.60 |
pkg:freebsd/bouncycastle | < 1.60 |
- ID
- FREEBSD:FE93803C-883F-11E8-9F0C-001B216D295B
- Severity
- critical
- Severity from
- CVE-2018-1000613
- URL
- http://vuxml.freebsd.org/freebsd/fe93803c-883f-11e8-9f0c-001b216d295b.html
- Published
-
2018-06-30T00:00:00
(6 years ago) - Modified
-
2018-07-15T00:00:00
(6 years ago) - Rights
- FreeBSD VuXML Security Team
- Other Advisories
Source | # ID | Name | URL |
---|---|---|---|
FreeBSD VuXML | https://www.bouncycastle.org/latest_releases.html |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:freebsd/puppetserver6 | puppetserver6 | < 6.2.1 | ||||
Affected | pkg:freebsd/puppetserver5 | puppetserver5 | < 5.3.8 | ||||
Affected | pkg:freebsd/puppetserver | puppetserver | |||||
Affected | pkg:freebsd/bouncycastle15 | bouncycastle15 | < 1.60 | ||||
Affected | pkg:freebsd/bouncycastle | bouncycastle | < 1.60 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |