[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2433-1] bouncycastle security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2433-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
November 05, 2020                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : bouncycastle
Version        : 1.56-1+deb9u3
CVE ID         : CVE-2020-26939

It was discovered that there was an issue in the bouncycastle crypto
library where attackers could obtain sensitive information due to
observable differences in its response to invalid input.

For Debian 9 "Stretch", this problem has been fixed in version
1.56-1+deb9u3.

We recommend that you upgrade your bouncycastle packages.

For the detailed security status of bouncycastle please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/bouncycastle

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl+j2bQACgkQHpU+J9Qx
Hli+eBAAj1TtRNOqv6e3OVpi60MeXpsXYB1lPVd1ciPYjruq5mIbQbLCFK30T747
+beP5PKgsPELjXOQvwzgfjj11x7C+gAL0jlkWDibxHynLDVkwuXRZlbyZl09iI6q
NtJvQdpWulaC5KxQSwW6T6bbhDB3kqHIEtGwXrmRKP5SW92azvzXA/sqiPrZHCHX
Nqc/3QQ22m6rr9bUKRhNv3OBM/YLtQCfXMpBkct+a2vundCIxTDMp26xdPWrWYFK
W0KkQR0qU8StBu3HKV3gpv4WtFUACGMWzkMyoRKOcFBFb3ynxf2zGTzCBBwb77or
/R2FE1d/6LpMfIrBY1R1B/tkzbhjM+DkeUfA98fXII6TIWplG+f6oKixqIr9soQ4
lYExr4llnZ+DifzPq5+/ksBarbFnKWuhmbrR65x3mJX1MBj2IM8K0cbCDcDF0Du0
hmbB8OYoC4DUxEvGCJ1SF5qzb+5BpmWm84fRboPAdNZHKhSpYJQ4OsG8V/Mmf+uu
Xpr56x99ffYr6AavR2riOUl8sNkQ6RswW2aTz4EK0NN/tjA9muyi4xHQUpBuB0jO
9oFmY3XoYPJhFKDnFAg2XMWKrzgmrr9dfcotuU76bY45Z1j64zGFD4GKP29ZrcbW
XI7FmWRTV1XdMFUPuoPd7cwzHOr5SYzJk4LtAwCVVkpc8BGOir8=
=wAZE
-----END PGP SIGNATURE-----


Reply to: