Lucene search

K
mageiaGentoo FoundationMGASA-2015-0487
HistoryDec 28, 2015 - 10:23 p.m.

Updated bouncycastle packages fix security vulnerability

2015-12-2822:23:26
Gentoo Foundation
advisories.mageia.org
7

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

64.0%

The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an “invalid curve attack” (CVE-2015-7940).

OSVersionArchitecturePackageVersionFilename
Mageia5noarchbouncycastle< 1.50-3.1bouncycastle-1.50-3.1.mga5

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

64.0%