Uploaded image for project: 'Portal'
  1. Portal
  2. PORTAL-155 Review security issues: portal
  3. PORTAL-163

NVD - CVE-2016-1000341: bouncycastle issue. Upgrade to 2.4.4

XMLWordPrintable

    • Icon: Sub-task Sub-task
    • Resolution: Done
    • Icon: Medium Medium
    • Beijing Release
    • None
    • None
    • None
    • Portal Sprint 6, Portal Sprint 7

      older version of bouncycastle has vulnerability. 

      This was fixed in version 2.4.4

      https://www.bouncycastle.org/releasenotes.html

      "CVE-2016-1000341: DSA signature generation vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55 or earlier, may allow an attacker to gain information about the signatures k value and ultimately the private value as well."

            sa282w sa282w
            farhan mir farhan mir
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: