[FREEBSD:FE93803C-883F-11E8-9F0C-001B216D295B] Several Security Defects in the Bouncy Castle Crypto APIs

Severity Critical

Affected Packages 5

CVEs 2

The Legion of the Bouncy Castle reports:

  Release 1.60 is now available for download.
  CVE-2018-1000180: issue around primality tests for RSA key pair
     generation if done using only the low-level API.
  CVE-2018-1000613: lack of class checking in deserialization
     of XMSS/XMSS^MT private keys with BDS state information.

Package	Affected Version
pkg:freebsd/puppetserver6	< 6.2.1
pkg:freebsd/puppetserver5	< 5.3.8
pkg:freebsd/puppetserver
pkg:freebsd/bouncycastle15	< 1.60
pkg:freebsd/bouncycastle	< 1.60

ID

FREEBSD:FE93803C-883F-11E8-9F0C-001B216D295B

Severity

critical

Severity from

CVE-2018-1000613

URL

http://vuxml.freebsd.org/freebsd/fe93803c-883f-11e8-9f0c-001b216d295b.html

Published

2018-06-30T00:00:00
(6 years ago)

Modified

2018-07-15T00:00:00
(6 years ago)

Rights

FreeBSD VuXML Security Team

Other Advisories

Source	# ID	Name	URL
FreeBSD VuXML			https://www.bouncycastle.org/latest_releases.html

Type	Package URL	Name / Product	Version
Affected	pkg:freebsd/puppetserver6	puppetserver6	< 6.2.1
Affected	pkg:freebsd/puppetserver5	puppetserver5	< 5.3.8
Affected	pkg:freebsd/puppetserver	puppetserver
Affected	pkg:freebsd/bouncycastle15	bouncycastle15	< 1.60
Affected	pkg:freebsd/bouncycastle	bouncycastle	< 1.60

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date