Lucene search
K

openSUSE: Security Advisory for bouncycastle (openSUSE-SU-2018:2820-1)

🗓️ 25 Sep 2018 00:00:00Reported by Copyright (C) 2018 Greenbone Networks GmbHType 
openvas
 openvas
🔗 plugins.openvas.org👁 35 Views

Security update for bouncycastle package on openSUSE Leap 42.

Related
Refs
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins
Security Bulletin: Multiple Bouncy Castle Vulnerabilities Affect IBM Sterling B2B Integrator
13 Nov 202019:10
ibm
IBM Security Bulletins
Security Bulletin: IBM Observability with Instana is affected by Multiple Security Vulnerabilities
31 Mar 202413:53
ibm
IBM Security Bulletins
Security Bulletin: Resilient is vulnerable to Using Components with Known Vulnerabilities
19 Apr 202121:45
ibm
IBM Security Bulletins
Security Bulletin: Bouncy Castle as used by IBM QRadar SIEM contains multiple vulnerabilities (CVE-2018-1000613, CVE-2017-13098, CVE-2018-1000180)
5 Feb 202119:10
ibm
IBM Security Bulletins
Security Bulletin: Bouncy Castle Vulnerabilities Affect IBM Sterling B2B Integrator
6 Oct 202114:43
ibm
IBM Security Bulletins
Security Bulletin: Multiple vulnerabilities in Bouncy Castle affects Apache Solr shipped with IBM Operations Analytics - Log Analysis
16 Apr 202115:46
ibm
IBM Security Bulletins
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities
13 Apr 202120:46
ibm
IBM Security Bulletins
Security Bulletin: IBM Cognos Analytics is affected but not classified as vulnerable to vulnerabilities in multiple Open Source Software (OSS) components
5 Feb 202418:40
ibm
IBM Security Bulletins
Security Bulletin: IBM Sterling File Gateway is vulnerable to multiple issues due to Bouncy Castle
14 Oct 202221:58
ibm
IBM Security Bulletins
Security Bulletin: Multiple vulnerabilities in Bouncy Castle API affect IBM License Metric Tool v9.
3 Apr 202008:05
ibm
Rows per page
# Copyright (C) 2018 Greenbone Networks GmbH
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.851908");
  script_version("2025-02-28T05:38:49+0000");
  script_tag(name:"last_modification", value:"2025-02-28 05:38:49 +0000 (Fri, 28 Feb 2025)");
  script_tag(name:"creation_date", value:"2018-09-25 08:23:56 +0200 (Tue, 25 Sep 2018)");
  script_cve_id("CVE-2018-1000180");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2021-06-14 18:15:00 +0000 (Mon, 14 Jun 2021)");
  script_tag(name:"qod_type", value:"package");
  script_name("openSUSE: Security Advisory for bouncycastle (openSUSE-SU-2018:2820-1)");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'bouncycastle'
  package(s) announced via the referenced advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"This update for bouncycastle fixes the following security issue:

  - CVE-2018-1000180: Fixed flaw in the Low-level interface to RSA key pair
  generator. RSA Key Pairs generated in low-level API with added certainty
  may had less M-R tests than expected (bsc#1096291).

  Patch Instructions:

  To install this openSUSE Security Update use the SUSE recommended
  installation methods
  like YaST online_update or 'zypper patch'.

  Alternatively you can run the command listed for your product:

  - openSUSE Leap 42.3:

  zypper in -t patch openSUSE-2018-1043=1");

  script_tag(name:"affected", value:"bouncycastle on openSUSE Leap 42.3");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_xref(name:"openSUSE-SU", value:"2018:2820-1");
  script_xref(name:"URL", value:"https://lists.opensuse.org/opensuse-security-announce/2018-09/msg00068.html");
  script_tag(name:"solution_type", value:"VendorFix");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2018 Greenbone Networks GmbH");
  script_family("SuSE Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/opensuse", "ssh/login/rpms", re:"ssh/login/release=openSUSELeap42\.3");
  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "openSUSELeap42.3") {
  if(!isnull(res = isrpmvuln(pkg:"bouncycastle", rpm:"bouncycastle~1.60~23.10.1", rls:"openSUSELeap42.3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"bouncycastle-javadoc", rpm:"bouncycastle-javadoc~1.60~23.10.1", rls:"openSUSELeap42.3"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

28 Feb 2025 00:00Current
7.9High risk
Vulners AI Score7.9
CVSS 25
CVSS 37.5
EPSS0.03622
35