[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug: #802671 CVE-2015-7940 bouncycastle: ECC private keys can be recovered via invalid curve attack

[resending the original e-mail because the attachment size apparently
exceeded the limit]

Hello security team,

I have prepared two uploads for bouncycastle to fix #802671 [1] based on
the work of Raphael Hertzog and one of the upstream developers of
bouncycastle, Peter Dettman.

The changes for wheezy are identical to the already uploaded squeeze-LTS
update. I had to rebase and change patch 1 and 2 for Jessie because
of the different upstream version. The fix passes the test suite.

I am attaching the proposed debdiffs for this vulnerability. Please let
me know if I can upload the packages to security-master.

Proposed announcement text:

The Bouncy Castle Java library before 1.51 does not validate that a
point is within the elliptic curve, which makes it easier for remote
attackers to obtain private keys via a series of crafted elliptic curve
Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack.



[1] https://bugs.debian.org/802671

Attachment: bouncycastle_CVE_2015_7940.tar.gz
Description: application/gzip

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: