Red Hat Bugzilla – Bug 494053
CVE-2007-6721 bouncycastle: unknown vulnerability in simple RSA CMS signatures
Last modified: 2009-05-12 15:46:18 EDT
Common Vulnerabilities and Exposures assigned the identifier CVE-2007-6721 to
the following vulnerability:
Reference: MLIST:[dev-crypto] 20071109 Bouncy Castle Crypto Provider Package version 1.36 now available
Reference: URL: http://www.bouncycastle.org/devmailarchive/msg08195.html
Reference: CONFIRM: http://freshmeat.net/projects/bouncycastlecryptoapi/releases/265580
Reference: CONFIRM: http://www.bouncycastle.org/csharp/
Reference: CONFIRM: http://www.bouncycastle.org/releasenotes.html
Reference: URL: http://www.osvdb.org/50358
Reference: URL: http://www.osvdb.org/50359
Reference: URL: http://www.osvdb.org/50360
The Legion of the Bouncy Castle Java Cryptography API before release 1.38 (aka
2.5.2), as used in Crypto Provider Package before 1.36, has unknown impact and
remote attack vectors related to "a Bleichenbacher vulnerability in simple RSA
CMS signatures without signed attributes."
Relevant CVS commit:
This vulnerability does not affect Fedora, which ships with 1.41 and higher.
It does not affect Red Hat Satellite as it uses OpenPGP (DSA) signatures, not RSA signatures.