Bug 210825

Summary: RSA signature forgery issues in BouncyCastle < 1.34
Product: [Fedora] Fedora Reporter: Ville Skyttä <scop>
Component: java-1.4.2-gcj-compatAssignee: Thomas Fitzsimmons <fitzsim>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 5CC: fedora-security-list
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-12-13 21:44:35 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ville Skyttä 2006-10-15 20:48:44 UTC 
From BouncyCastle 1.34 release notes:

Security Advisory If you are using RSA with a public exponent of three you 
must upgrade to this release if you want to avoid recent forgery attacks that 
have been described against specific implementations of the RSA signature 
algorithm.

java-1.4.2-gcj-compat in FC5 ship with BC 1.31 and may thus be affected.
Comment 1 Thomas Fitzsimmons 2006-11-29 15:46:20 UTC 
I've imported Bouncy Castle 1.34 into FC-5 update-testing:

java-1.4.2-gcj-compat-1.4.2.0-40jpp_83rh.3

and FC-6 updates-testing:

bouncycastle-1.34-1
Comment 2 Thomas Fitzsimmons 2006-12-13 21:44:35 UTC 
I pushed bouncycastle-1.34-2.fc6 and java-1.4.2-gcj-compat-1.4.2.0-40jpp_83rh.4
to final and built bouncycastle-1.34-2.fc7 in Rawhide.  Closing.