The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Bouncy Castle: vulnerability via RSA Digital Signature Prime Generation

Synthesis of the vulnerability 

A vulnerability via RSA Digital Signature Prime Generation of Bouncy Castle was announced.
Vulnerable software: Bouncy Castle JCE, Debian, Fedora, QRadar SIEM, Junos Space, Juniper SBR, openSUSE Leap, Oracle Communications, Oracle Fusion Middleware, Oracle Identity Management, Oracle OIT, Tuxedo, WebLogic, JBoss EAP by Red Hat.
Severity of this announcement: 1/4.
Creation date: 06/06/2018.
References of this computer vulnerability: 6356449, CERTFR-2019-AVI-325, cpuapr2019, cpuapr2020, cpuapr2021, cpujan2019, cpujul2019, CVE-2018-1000180, DSA-4233-1, FEDORA-2018-ceced55c5e, FEDORA-2018-da9fe79871, JSA10939, JSA11023, openSUSE-SU-2018:2820-1, RHSA-2018:2423-01, RHSA-2018:2424-01, RHSA-2018:2425-01, RHSA-2018:2669-01, VIGILANCE-VUL-26323.

Description of the vulnerability 

A vulnerability via RSA Digital Signature Prime Generation of Bouncy Castle was announced.

This weakness bulletin impacts software or systems such as Bouncy Castle JCE, Debian, Fedora, QRadar SIEM, Junos Space, Juniper SBR, openSUSE Leap, Oracle Communications, Oracle Fusion Middleware, Oracle Identity Management, Oracle OIT, Tuxedo, WebLogic, JBoss EAP by Red Hat.

Our Vigil@nce team determined that the severity of this computer weakness is low.

The trust level is "confirmed by the editor", and the origin is a document.

An attacker with expert ability can exploit this vulnerability.

Solutions for this threat 

Bouncy Castle Java Cryptography Extension: version 1.60.
Version 1.60 is fixed:
  http://www.bouncycastle.org/java.html

Bouncy Castle: patch for RSA Digital Signature Prime Generation.
A patch is indicated in information sources.

Debian 9: new bouncycastle packages.
New packages are available:
  Debian 9: bouncycastle 1.56-1+deb9u2

Fedora: new bouncycastle packages.
New packages are available:
  Fedora 27: bouncycastle 1.59-1.fc27
  Fedora 28: bouncycastle 1.59-1.fc28

IBM QRadar SIEM: patch for Bouncy Castle.
A patch is indicated in information sources.

Junos Space: version 20.1R1.
Version 20.1R1 is fixed:
  https://www.juniper.net/support/downloads/

openSUSE Leap 42.3: new bouncycastle packages.
New packages are available:
  openSUSE Leap 42.3: bouncycastle 1.60-23.10.1

Oracle Communications: CPU of April 2019.
A Critical Patch Update is available:
  https://support.oracle.com/rs?type=doc&id=2518758.1
  https://support.oracle.com/rs?type=doc&id=2518763.1
  https://support.oracle.com/rs?type=doc&id=2522151.1
  https://support.oracle.com/rs?type=doc&id=2519787.1
  https://support.oracle.com/rs?type=doc&id=2522126.1
  https://support.oracle.com/rs?type=doc&id=2522123.1
  https://support.oracle.com/rs?type=doc&id=2518753.1
  https://support.oracle.com/rs?type=doc&id=2522121.1
  https://support.oracle.com/rs?type=doc&id=2528862.1
  https://support.oracle.com/rs?type=doc&id=2518754.1

Oracle Communications: CPU of April 2020.
A Critical Patch Update is available:
  https://support.oracle.com/rs?type=doc&id=2647690.1
  https://support.oracle.com/rs?type=doc&id=2654603.1
  https://support.oracle.com/rs?type=doc&id=2652618.1
  https://support.oracle.com/rs?type=doc&id=2653087.1
  https://support.oracle.com/rs?type=doc&id=2653688.1
  https://support.oracle.com/rs?type=doc&id=2652610.1
  https://support.oracle.com/rs?type=doc&id=2653279.1
  https://support.oracle.com/rs?type=doc&id=2652619.1
  https://support.oracle.com/rs?type=doc&id=2652621.1
  https://support.oracle.com/rs?type=doc&id=2652606.1
  https://support.oracle.com/rs?type=doc&id=2653691.1
  https://support.oracle.com/rs?type=doc&id=2653692.1
  https://support.oracle.com/rs?type=doc&id=2647687.1
  https://support.oracle.com/rs?type=doc&id=2652622.1

Oracle Communications: CPU of January 2019.
A Critical Patch Update is available:
  https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Oracle Communications: CPU of July 2019.
A Critical Patch Update is available:
  https://support.oracle.com/rs?type=doc&id=2559239.1
  https://support.oracle.com/rs?type=doc&id=2563691.1
  https://support.oracle.com/rs?type=doc&id=2559240.1
  https://support.oracle.com/rs?type=doc&id=2559722.1
  https://support.oracle.com/rs?type=doc&id=2559225.1
  https://support.oracle.com/rs?type=doc&id=2559721.1
  https://support.oracle.com/rs?type=doc&id=2559256.1
  https://support.oracle.com/rs?type=doc&id=2559242.1
  https://support.oracle.com/rs?type=doc&id=2559243.1
  https://support.oracle.com/rs?type=doc&id=2559648.1

Oracle Fusion Middleware: CPU of April 2019.
A Critical Patch Update is available:
  https://support.oracle.com/rs?type=doc&id=2498664.1

Oracle Fusion Middleware: CPU of April 2021.
A Critical Patch Update is available:
  https://support.oracle.com/rs?type=doc&id=2749094.1

Oracle Fusion Middleware: CPU of January 2019.
A Critical Patch Update is available:
  https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Oracle Fusion Middleware: CPU of July 2019.
A Critical Patch Update is available:
  https://support.oracle.com/rs?type=doc&id=2534806.1

Red Hat JBoss EAP: version 7.1.4.
Version 7.1.4 is fixed:
  https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=7.1

Red Hat JBoss Fuse: version 7.1.
Version 7.1 is fixed:
  https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse&downloadType=distributions&version=7.1.0

Steel Belted Radius Carrier Edition: versions 8.4R14 and 8.5R5.
Versions 8.4R14 and 8.5R5 are fixed.