5 - USN-3727-1

Executive Summary

Summary
Title	Bouncy Castle vulnerabilities

Informations
Name	USN-3727-1	First vendor Publication	2018-08-01
Vendor	Ubuntu	Last vendor Modification	2018-08-01
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Cvss Base Score	5	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Bouncy Castle.

Software Description: - bouncycastle: Java implementation of cryptographic algorithms

Details:

It was discovered that Bouncy Castle incorrectly handled certain crypto algorithms. A remote attacker could possibly use these issues to obtain sensitive information, including private keys.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 LTS:
libbcmail-java 1.49+dfsg-2ubuntu0.1
libbcpg-java 1.49+dfsg-2ubuntu0.1
libbcpkix-java 1.49+dfsg-2ubuntu0.1
libbcprov-java 1.49+dfsg-2ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3727-1
CVE-2015-6644, CVE-2015-7940, CVE-2016-1000338, CVE-2016-1000339,
CVE-2016-1000341, CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000345,
CVE-2016-1000346

Package Information:
https://launchpad.net/ubuntu/+source/bouncycastle/1.49+dfsg-2ubuntu0.1

Original Source

Url : http://www.ubuntu.com/usn/USN-3727-1

CWE : Common Weakness Enumeration

%	Id	Name
30 %	CWE-310	Cryptographic Issues
20 %	CWE-361	Time and State
20 %	CWE-347	Improper Verification of Cryptographic Signature
20 %	CWE-200	Information Exposure
10 %	CWE-320	Key Management Errors

CPE : Common Platform Enumeration

Type	Description	Count
Application	Bouncycastle Legion-Of-The-Bouncy-Castle-Java-Crytography-Api cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.54:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.47:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.46:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.45:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.44:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.43:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.42:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.41:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.40:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.39:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.38:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.37:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.36:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.35:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.34:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.33:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.32:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.31:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.30:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.29:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.28:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.27:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.26:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.25:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.24:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.23:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.22:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.21:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.20:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.19:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.18:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.17:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.16:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.15:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.14:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.13:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.12:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.11:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.10:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.09:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.08:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.07:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.06:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.05:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.04:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.03:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.02:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.01:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api::::::::	49
Application	Oracle Application Testing Suite cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:::::::* cpe:2.3:a:oracle:application_testing_suite:12.5.0.2:::::::* cpe:2.3:a:oracle:application_testing_suite:12.5.0.1:::::::*	3
Application	Oracle Enterprise Manager Ops Center cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:::::::* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.1.4:::::::*	2
Application	Oracle Peoplesoft Enterprise Peopletools cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:::::::* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.54:::::::*	2
Application	Oracle Virtual Desktop Infrastructure cpe:2.3:a:oracle:virtual_desktop_infrastructure:3.5.2:::::::*	1
Os	Debian Debian Linux cpe:2.3:o:debian:debian_linux:8.0:::::::*	1
Os	Google Android cpe:2.3:o:google:android:6.0.1:::::::* cpe:2.3:o:google:android:6.0:::::::* cpe:2.3:o:google:android:5.1.1:::::::* cpe:2.3:o:google:android:5.1.0:::::::* cpe:2.3:o:google:android:5.0.2:::::::* cpe:2.3:o:google:android:5.0.1:::::::* cpe:2.3:o:google:android:5.0:::::::* cpe:2.3:o:google:android:4.4.4:::::::*	8
Os	Opensuse Leap cpe:2.3:o:opensuse:leap:42.1:::::::*	1
Os	Opensuse cpe:2.3:o:opensuse:opensuse:13.2:::::::* cpe:2.3:o:opensuse:opensuse:13.1:::::::*	2

Nessus® Vulnerability Scanner

Date	Description
2018-07-09	Name : The remote Debian host is missing a security update. File : debian_DLA-1418.nasl - Type : ACT_GATHER_INFO
2017-09-28	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2017-2808.nasl - Type : ACT_GATHER_INFO
2017-09-28	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2017-2809.nasl - Type : ACT_GATHER_INFO
2017-09-27	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2017-2811.nasl - Type : ACT_GATHER_INFO
2017-07-20	Name : An enterprise management application installed on the remote host is affected... File : oracle_enterprise_manager_jul_2017_cpu.nasl - Type : ACT_GATHER_INFO
2017-05-02	Name : The remote Fedora host is missing a security update. File : fedora_2017-4c3ac44551.nasl - Type : ACT_GATHER_INFO
2017-04-13	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3829.nasl - Type : ACT_GATHER_INFO
2017-04-11	Name : The remote Debian host is missing a security update. File : debian_DLA-893.nasl - Type : ACT_GATHER_INFO
2017-01-25	Name : An enterprise management application installed on the remote host is affected... File : oracle_enterprise_manager_jan_2017_cpu.nasl - Type : ACT_GATHER_INFO
2016-03-04	Name : The remote Fedora host is missing a security update. File : fedora_2015-7d95466eda.nasl - Type : ACT_GATHER_INFO
2015-12-15	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3417.nasl - Type : ACT_GATHER_INFO
2015-12-09	Name : The remote Debian host is missing a security update. File : debian_DLA-361.nasl - Type : ACT_GATHER_INFO
2015-11-05	Name : The remote openSUSE host is missing a security update. File : openSUSE-2015-705.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2019-01-08 00:18:59	First insertion

Global Informations

Type	Count
CWE ID(s)	10
CPE ID(s)	69
Nessus® Exploit(s)	13

	Related
7.5	CVE-2016-1000343
7.5	CVE-2016-1000342
7.5	CVE-2016-1000338
5.9	CVE-2016-1000345
5.9	CVE-2016-1000341
5.3	CVE-2016-1000339
5	CVE-2015-7940
3.7	CVE-2016-1000346
3.3	CVE-2015-6644
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 9 more Alert(s)

5 - USN-3727-1

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU