Bug 1444015 (CVE-2015-6644)
Summary: | CVE-2015-6644 bouncycastle: Information disclosure in GCMBlockCipher | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Andrej Nemec <anemec> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | aileenc, bcourt, bkearney, bmaxwell, cbillett, cdewolf, chazlett, csutherl, darran.lofthouse, dimitris, dosoudil, jawilson, jmatthew, jshepherd, langel, lgao, mmccune, mstead, myarboro, ohadlevy, pgier, psakar, pslavice, psotirop, puntogil, rnetuka, rsvoboda, tlestach, tomckay, tsanders, twalsh, vtunka |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | bouncycastle 1.56 | Doc Type: | If docs needed, set a value |
Doc Text: |
It was found that an information disclosure flaw in Bouncy Castle could enable a local malicious application to gain access to user's private information.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2019-06-08 03:10:52 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1444024, 1444025, 1471348, 1545363 | ||
Bug Blocks: | 1444031, 1493931 |
Description
Andrej Nemec
2017-04-20 12:34:54 UTC
Created bouncycastle tracking bugs for this issue: Affects: epel-all [bug 1444025] Affects: fedora-24 [bug 1444024] JBoss fuse ships bouncycastle version 1.54 in fabric8, camel and karaf container. To have the fix for this particular CVE users should update to version 1.56 or later. This issue has been addressed in the following products: Red Hat JBoss Fuse Via RHSA-2017:1832 https://access.redhat.com/errata/RHSA-2017:1832 This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.0.8 Via RHSA-2017:2810 https://access.redhat.com/errata/RHSA-2017:2810 This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Via RHSA-2017:2808 https://access.redhat.com/errata/RHSA-2017:2808 This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Via RHSA-2017:2809 https://access.redhat.com/errata/RHSA-2017:2809 This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Via RHSA-2017:2811 https://access.redhat.com/errata/RHSA-2017:2811 This issue has been addressed in the following products: Red Hat Satellite 6.4 for RHEL 7 Via RHSA-2018:2927 https://access.redhat.com/errata/RHSA-2018:2927 |