USN-3727-1: Bouncy Castle vulnerabilities
01 August 2018
- bouncycastle - Java implementation of cryptographic algorithms
It was discovered that Bouncy Castle incorrectly handled certain crypto
algorithms. A remote attacker could possibly use these issues to obtain
sensitive information, including private keys.
The problem can be corrected by updating your system to the following package versions:
- libbcmail-java - 1.49+dfsg-2ubuntu0.1
- libbcpg-java - 1.49+dfsg-2ubuntu0.1
- libbcpkix-java - 1.49+dfsg-2ubuntu0.1
- libbcprov-java - 1.49+dfsg-2ubuntu0.1
In general, a standard system update will make all the necessary changes.