Several Security Defects in the Bouncy Castle Crypto APIs

2018-06-30T00:00:00
ID FE93803C-883F-11E8-9F0C-001B216D295B
Type freebsd
Reporter FreeBSD
Modified 2018-06-30T00:00:00

Description

The Legion of the Bouncy Castle reports:

Release 1.60 is now available for download. CVE-2018-1000180: issue around primality tests for RSA key pair generation if done using only the low-level API. CVE-2018-1000613: lack of class checking in deserialization of XMSS/XMSS^MT private keys with BDS state information.