http://bugzilla.opensuse.org/show_bug.cgi?id=1096291 Bug ID: 1096291 Summary: VUL-0: CVE-2018-1000180: bouncycastle: flaw in the low-level interface to RSA key pair generator Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.0 Hardware: Other URL: https://smash.suse.de/issue/207267/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: pmonrealgonzalez@suse.com Reporter: abergmann@suse.com QA Contact: security-team@suse.de Found By: Security Response Team Blocker: --- CVE-2018-1000180 Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000180 http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000180.html https://www.bountysource.com/issues/58293083-rsa-key-generation-computation-... https://www.bouncycastle.org/jira/browse/BJA-694 https://github.com/bcgit/bc-java/commit/73780ac522b7795fc165630aba8d5f5729ac... https://github.com/bcgit/bc-java/commit/22467b6e8fe19717ecdf201c0cf91bacf04a... -- You are receiving this mail because: You are on the CC list for the bug.