CVSS2: 5 Medium (AV:N/AC:L/Au:N/C:P/I:N/A:N)

- Access Vector: NETWORK
- Access Complexity: LOW
- Authentication: NONE
- Confidentiality Impact: PARTIAL
- Integrity Impact: NONE
- Availability Impact: NONE

EPSS: 0.002 Low (Percentile: 64.3%)

Package : bouncycastle
Version : 1.44+dfsg-2+deb6u1
CVE ID : CVE-2015-7940
Debian Bug : 802671
The Bouncy Castle Java library before 1.51 does not validate that a point
is within the elliptic curve, which makes it easier for remote attackers
to obtain private keys via a series of crafted elliptic curve Diffie
Hellman (ECDH) key exchanges, aka an "invalid curve attack."
For Debian 6 “Squeeze”, this issue has been fixed in version
1.44+dfsg-2+deb6u1 of bouncycastle.
Many thanks to upstream author Peter Dettmann who reviewed the backport
that we prepared.
--
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Debian | 7 | armhf | libbcmail-java-gcj | < 1.44+dfsg-3.1+deb7u1 | libbcmail-java-gcj_1.44+dfsg-3.1+deb7u1_armhf.deb |
Debian | 7 | s390 | libbcmail-java-gcj | < 1.44+dfsg-3.1+deb7u1 | libbcmail-java-gcj_1.44+dfsg-3.1+deb7u1_s390.deb |
Debian | 8 | all | libbcpkix-java | < 1.49+dfsg-3+deb8u1 | libbcpkix-java_1.49+dfsg-3+deb8u1_all.deb |
Debian | 7 | all | libbcprov-java | < 1.44+dfsg-3.1+deb7u1 | libbcprov-java_1.44+dfsg-3.1+deb7u1_all.deb |
Debian | 7 | sparc | libbctsp-java-gcj | < 1.44+dfsg-3.1+deb7u1 | libbctsp-java-gcj_1.44+dfsg-3.1+deb7u1_sparc.deb |
Debian | 6 | i386 | libbcpg-java-gcj | < 1.44+dfsg-2+deb6u1 | libbcpg-java-gcj_1.44+dfsg-2+deb6u1_i386.deb |
Debian | 7 | sparc | libbcmail-java-gcj | < 1.44+dfsg-3.1+deb7u1 | libbcmail-java-gcj_1.44+dfsg-3.1+deb7u1_sparc.deb |
Debian | 7 | armhf | libbcprov-java-gcj | < 1.44+dfsg-3.1+deb7u1 | libbcprov-java-gcj_1.44+dfsg-3.1+deb7u1_armhf.deb |
Debian | 7 | mipsel | libbcprov-java-gcj | < 1.44+dfsg-3.1+deb7u1 | libbcprov-java-gcj_1.44+dfsg-3.1+deb7u1_mipsel.deb |
Debian | 8 | all | libbcpg-java | < 1.49+dfsg-3+deb8u1 | libbcpg-java_1.49+dfsg-3+deb8u1_all.deb |