FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

The Bouncy Castle Crypto APIs: CVE-2017-13098 ("ROBOT")

Affected packages
bouncycastle < 1.59
bouncycastle15 < 1.59

Details

VuXML ID 6a131fbf-ec76-11e7-aa65-001b216d295b
Discovery 2017-12-12
Entry 2017-12-29

The Legion of the Bouncy Castle reports:

Release: 1.59

CVE-2017-13098 ("ROBOT"), a Bleichenbacher oracle in TLS when RSA key exchange is negotiated. This potentially affected BCJSSE servers and any other TLS servers configured to use JCE for the underlying crypto - note the two TLS implementations using the BC lightweight APIs are not affected by this.

[source]

References

CVE Name CVE-2017-13098
URL https://www.bouncycastle.org/releasenotes.html

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.