210825 – RSA signature forgery issues in BouncyCastle < 1.34

Bug 210825 - RSA signature forgery issues in BouncyCastle < 1.34

Summary: RSA signature forgery issues in BouncyCastle < 1.34

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	java-1.4.2-gcj-compat
Sub Component:
Version:	5
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Thomas Fitzsimmons
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2006-10-15 20:48 UTC by Ville Skyttä
Modified:	2007-11-30 22:11 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2006-12-13 21:44:35 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Ville Skyttä 2006-10-15 20:48:44 UTC

From BouncyCastle 1.34 release notes:

Security Advisory If you are using RSA with a public exponent of three you 
must upgrade to this release if you want to avoid recent forgery attacks that 
have been described against specific implementations of the RSA signature 
algorithm.

java-1.4.2-gcj-compat in FC5 ship with BC 1.31 and may thus be affected.

Comment 1 Thomas Fitzsimmons 2006-11-29 15:46:20 UTC

I've imported Bouncy Castle 1.34 into FC-5 update-testing:

java-1.4.2-gcj-compat-1.4.2.0-40jpp_83rh.3

and FC-6 updates-testing:

bouncycastle-1.34-1

Comment 2 Thomas Fitzsimmons 2006-12-13 21:44:35 UTC

I pushed bouncycastle-1.34-2.fc6 and java-1.4.2-gcj-compat-1.4.2.0-40jpp_83rh.4
to final and built bouncycastle-1.34-2.fc7 in Rawhide.  Closing.

Note You need to log in before you can comment on or make changes to this bug.