Bug#802671: bouncycastle: ECC private keys can be recovered via invalid curve attack

Raphaël Hertzog hertzog at debian.org
Thu Oct 22 12:49:26 UTC 2015


Source: bouncycastle
Version: 1.44+dfsg-2
Severity: serious
Tags: security
Control: fixed -1 1.51-1

Hello,

bouncycastle 1.49 in stable/testing/unstable (and 1.44 in wheezy/squeeze)
is vulnerable to an invalid curve attack as described here:
https://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html

This is fixed in version 1.51 (in experimental).

The upstream patches that fix this issue should be these:
https://github.com/bcgit/bc-java/commit/5cb2f05
https://github.com/bcgit/bc-java/commit/e25e94a

A CVE has been requested here:
http://www.openwall.com/lists/oss-security/2015/10/22/7

-- System Information:
Debian Release: stretch/sid
  APT prefers squeeze-lts
  APT policy: (500, 'squeeze-lts'), (500, 'oldoldstable'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.2.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)