BouncyCastle before version 1.78 is vulnerable to timing side-channel attacks against RSA decryption (both PKCS#1v1.5 and OAEP). References: https://www.bouncycastle.org/releasenotes.html https://github.com/bcgit/bc-java/issues/1528 https://people.redhat.com/~hkario/marvin/
Created bouncycastle tracking bugs for this issue: Affects: fedora-all [bug 2276362]
This issue has been addressed in the following products: Red Hat JBoss AMQ Via RHSA-2024:4271 https://access.redhat.com/errata/RHSA-2024:4271
This issue has been addressed in the following products: Cryostat 3 on RHEL 8 Via RHSA-2024:4173 https://access.redhat.com/errata/RHSA-2024:4173
This issue has been addressed in the following products: Red Hat build of Quarkus 3.8.5 Via RHSA-2024:4326 https://access.redhat.com/errata/RHSA-2024:4326
This issue has been addressed in the following products: Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 Via RHSA-2024:4505 https://access.redhat.com/errata/RHSA-2024:4505
This issue has been addressed in the following products: Red Hat build of Apache Camel 4.4.1 for Spring Boot Via RHSA-2024:4884 https://access.redhat.com/errata/RHSA-2024:4884
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Via RHSA-2024:5145 https://access.redhat.com/errata/RHSA-2024:5145
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Via RHSA-2024:5143 https://access.redhat.com/errata/RHSA-2024:5143
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Via RHSA-2024:5144 https://access.redhat.com/errata/RHSA-2024:5144
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform Via RHSA-2024:5147 https://access.redhat.com/errata/RHSA-2024:5147
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform Via RHSA-2024:5482 https://access.redhat.com/errata/RHSA-2024:5482
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Via RHSA-2024:5479 https://access.redhat.com/errata/RHSA-2024:5479
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Via RHSA-2024:5481 https://access.redhat.com/errata/RHSA-2024:5481