Security update for bouncycastle SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2021:0940-1 Final 1 1 2021-06-29T04:06:32Z current 2021-06-29T04:06:32Z 2021-06-29T04:06:32Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for bouncycastle This update for bouncycastle fixes the following issues: - CVE-2020-15522: Fixed a timing issue within the EC math library (bsc#1186328). This update was imported from the SUSE:SLE-15-SP2:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2021-940 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WSUJOEQHX6WIC7O7EQMIAET7L3ZTQKGM/ E-Mail link for openSUSE-SU-2021:0940-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1186328 SUSE Bug 1186328 https://www.suse.com/security/cve/CVE-2020-15522/ SUSE CVE CVE-2020-15522 page openSUSE Leap 15.2 bouncycastle-1.64-lp152.2.3.1 bouncycastle-javadoc-1.64-lp152.2.3.1 bouncycastle-mail-1.64-lp152.2.3.1 bouncycastle-pg-1.64-lp152.2.3.1 bouncycastle-pkix-1.64-lp152.2.3.1 bouncycastle-tls-1.64-lp152.2.3.1 bouncycastle-1.64-lp152.2.3.1 as a component of openSUSE Leap 15.2 bouncycastle-javadoc-1.64-lp152.2.3.1 as a component of openSUSE Leap 15.2 bouncycastle-mail-1.64-lp152.2.3.1 as a component of openSUSE Leap 15.2 bouncycastle-pg-1.64-lp152.2.3.1 as a component of openSUSE Leap 15.2 bouncycastle-pkix-1.64-lp152.2.3.1 as a component of openSUSE Leap 15.2 bouncycastle-tls-1.64-lp152.2.3.1 as a component of openSUSE Leap 15.2 Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures. CVE-2020-15522 openSUSE Leap 15.2:bouncycastle-1.64-lp152.2.3.1 openSUSE Leap 15.2:bouncycastle-javadoc-1.64-lp152.2.3.1 openSUSE Leap 15.2:bouncycastle-mail-1.64-lp152.2.3.1 openSUSE Leap 15.2:bouncycastle-pg-1.64-lp152.2.3.1 openSUSE Leap 15.2:bouncycastle-pkix-1.64-lp152.2.3.1 openSUSE Leap 15.2:bouncycastle-tls-1.64-lp152.2.3.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WSUJOEQHX6WIC7O7EQMIAET7L3ZTQKGM/ https://www.suse.com/security/cve/CVE-2020-15522.html CVE-2020-15522 https://bugzilla.suse.com/1186328 SUSE Bug 1186328