
SUSE bouncycastle Important Vulnerabilities Fix 2026-1639-1

suse
April 28, 2026
Explore the SUSE bouncycastle security update addressing five important vulnerabilities with patch instructions.
An update that solves five vulnerabilities can now be installed.

Summary

This update for bouncycastle fixes the following issues:

Update to version 1.84.

Security issues fixed:

* CVE-2025-14813: GOSTCTR implementation unable to process more than 255 blocks correctly (bsc#1262225).
* CVE-2026-0636: LDAP injection in LDAPStoreHelper.java leads to information disclosure (bsc#1262226).
* CVE-2026-3505: unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion (bsc#1262232).
* CVE-2026-5588: PKIX draft CompositeVerifier accepts empty signature sequence as valid (bsc#1262228).
* CVE-2026-5598: non-constant time comparisons risks private key leakage in FrodoKEM (bsc#1262227).

Other updates and bugfixes:

* Version 1.84:
  * In line with JVM changes, KEM support has been backported to Java 17.
  * BCJSSE: Configurable (client) early key_share groups via

References

* bsc#1262225

* bsc#1262226

* bsc#1262227

* bsc#1262228

* bsc#1262232

Cross-References

* CVE-2025-14813

* CVE-2026-0636

* CVE-2026-3505

* CVE-2026-5588

* CVE-2026-5598

CVSS scores:

* CVE-2025-14813 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

* CVE-2025-14813 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

* CVE-2025-14813 ( NVD ): 9.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:M/U:Red

* CVE-2026-0636 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

* CVE-2026-0636 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

* CVE-2026-0636 ( NVD ): 5.5

Severity: important

Announcement ID: SUSE-SU-2026:1639-1
Release Date: 2026-04-28T11:10:38Z
Rating: important
