Bug 210825 - RSA signature forgery issues in BouncyCastle < 1.34
RSA signature forgery issues in BouncyCastle < 1.34
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: java-1.4.2-gcj-compat (Show other bugs)
5
All Linux
medium Severity medium
: ---
: ---
Assigned To: Thomas Fitzsimmons
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-10-15 16:48 EDT by Ville Skyttä
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-12-13 16:44:35 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Ville Skyttä 2006-10-15 16:48:44 EDT
From BouncyCastle 1.34 release notes:

Security Advisory If you are using RSA with a public exponent of three you 
must upgrade to this release if you want to avoid recent forgery attacks that 
have been described against specific implementations of the RSA signature 
algorithm.

java-1.4.2-gcj-compat in FC5 ship with BC 1.31 and may thus be affected.
Comment 1 Thomas Fitzsimmons 2006-11-29 10:46:20 EST
I've imported Bouncy Castle 1.34 into FC-5 update-testing:

java-1.4.2-gcj-compat-1.4.2.0-40jpp_83rh.3

and FC-6 updates-testing:

bouncycastle-1.34-1
Comment 2 Thomas Fitzsimmons 2006-12-13 16:44:35 EST
I pushed bouncycastle-1.34-2.fc6 and java-1.4.2-gcj-compat-1.4.2.0-40jpp_83rh.4
to final and built bouncycastle-1.34-2.fc7 in Rawhide.  Closing.

Note You need to log in before you can comment on or make changes to this bug.