Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 526
Alerts This Week
Warning Icon 1 526

openSUSE Leap 42.3 SUSE-SU-2018:2820-1 Moderate: bouncycastle RSA Flaw

opensuse
Calendar Grey September 24, 2018
Dist Opensuse Esm H88
An announcement for openSUSE resolves a significant security vulnerability regarding RSA key pair creation. Please apply the suggested updates immediately.
An update that fixes one vulnerability is now available.

Description

This update for bouncycastle fixes the following security issue:

- CVE-2018-1000180: Fixed flaw in the Low-level interface to RSA key pair

generator. RSA Key Pairs generated in low-level API with added certainty

may had less M-R tests than expected (bsc#1096291).

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-1043=1

Package List

- openSUSE Leap 42.3 (noarch):

bouncycastle-1.60-23.10.1

bouncycastle-javadoc-1.60-23.10.1

References

https://www.suse.com/security/cve/CVE-2018-1000180.html

https://bugzilla.suse.com/show_bug.cgi?id=1096291

--

Announcement ID: openSUSE-SU-2018:2820-1
Rating: moderate
Affected Products: openSUSE Leap 42.3

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.