Security update for bouncycastle SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:1539-2 Final 1 1 2024-06-18T11:05:53Z current 2024-06-18T11:05:53Z 2024-06-18T11:05:53Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for bouncycastle This update for bouncycastle fixes the following issues: Update to version 1.78.1, including fixes for: - CVE-2024-30171: Fixed timing side-channel attacks against RSA decryption (both PKCS#1v1.5 and OAEP). (bsc#1223252) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container containers/apache-pulsar:3.3-2024-1539,SUSE-2024-1539,SUSE-SLE-Module-Development-Tools-15-SP6-2024-1539,openSUSE-SLE-15.6-2024-1539 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20241539-2/ Link for SUSE-SU-2024:1539-2 https://lists.suse.com/pipermail/sle-updates/2024-June/035625.html E-Mail link for SUSE-SU-2024:1539-2 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1223252 SUSE Bug 1223252 https://www.suse.com/security/cve/CVE-2024-30171/ SUSE CVE CVE-2024-30171 page Container containers/apache-pulsar:3.3 SUSE Linux Enterprise Module for Development Tools 15 SP6 openSUSE Leap 15.6 bouncycastle-1.78.1-150200.3.29.1 bouncycastle-pkix-1.78.1-150200.3.29.1 bouncycastle-util-1.78.1-150200.3.29.1 bouncycastle-javadoc-1.78.1-150200.3.29.1 bouncycastle-jmail-1.78.1-150200.3.29.1 bouncycastle-mail-1.78.1-150200.3.29.1 bouncycastle-pg-1.78.1-150200.3.29.1 bouncycastle-tls-1.78.1-150200.3.29.1 bouncycastle-1.78.1-150200.3.29.1 as a component of Container containers/apache-pulsar:3.3 bouncycastle-pkix-1.78.1-150200.3.29.1 as a component of Container containers/apache-pulsar:3.3 bouncycastle-util-1.78.1-150200.3.29.1 as a component of Container containers/apache-pulsar:3.3 bouncycastle-1.78.1-150200.3.29.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP6 bouncycastle-pg-1.78.1-150200.3.29.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP6 bouncycastle-pkix-1.78.1-150200.3.29.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP6 bouncycastle-util-1.78.1-150200.3.29.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP6 bouncycastle-1.78.1-150200.3.29.1 as a component of openSUSE Leap 15.6 bouncycastle-javadoc-1.78.1-150200.3.29.1 as a component of openSUSE Leap 15.6 bouncycastle-jmail-1.78.1-150200.3.29.1 as a component of openSUSE Leap 15.6 bouncycastle-mail-1.78.1-150200.3.29.1 as a component of openSUSE Leap 15.6 bouncycastle-pg-1.78.1-150200.3.29.1 as a component of openSUSE Leap 15.6 bouncycastle-pkix-1.78.1-150200.3.29.1 as a component of openSUSE Leap 15.6 bouncycastle-tls-1.78.1-150200.3.29.1 as a component of openSUSE Leap 15.6 bouncycastle-util-1.78.1-150200.3.29.1 as a component of openSUSE Leap 15.6 An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing. CVE-2024-30171 Container containers/apache-pulsar:3.3:bouncycastle-1.78.1-150200.3.29.1 Container containers/apache-pulsar:3.3:bouncycastle-pkix-1.78.1-150200.3.29.1 Container containers/apache-pulsar:3.3:bouncycastle-util-1.78.1-150200.3.29.1 SUSE Linux Enterprise Module for Development Tools 15 SP6:bouncycastle-1.78.1-150200.3.29.1 SUSE Linux Enterprise Module for Development Tools 15 SP6:bouncycastle-pg-1.78.1-150200.3.29.1 SUSE Linux Enterprise Module for Development Tools 15 SP6:bouncycastle-pkix-1.78.1-150200.3.29.1 SUSE Linux Enterprise Module for Development Tools 15 SP6:bouncycastle-util-1.78.1-150200.3.29.1 openSUSE Leap 15.6:bouncycastle-1.78.1-150200.3.29.1 openSUSE Leap 15.6:bouncycastle-javadoc-1.78.1-150200.3.29.1 openSUSE Leap 15.6:bouncycastle-jmail-1.78.1-150200.3.29.1 openSUSE Leap 15.6:bouncycastle-mail-1.78.1-150200.3.29.1 openSUSE Leap 15.6:bouncycastle-pg-1.78.1-150200.3.29.1 openSUSE Leap 15.6:bouncycastle-pkix-1.78.1-150200.3.29.1 openSUSE Leap 15.6:bouncycastle-tls-1.78.1-150200.3.29.1 openSUSE Leap 15.6:bouncycastle-util-1.78.1-150200.3.29.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20241539-2/ https://www.suse.com/security/cve/CVE-2024-30171.html CVE-2024-30171 https://bugzilla.suse.com/1223252 SUSE Bug 1223252