Bug 1100694 - (CVE-2018-1000613) VUL-0: CVE-2018-1000613: bouncycastle: prior to version 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Component: Security
Version: Leap 15.1
Hardware: Other
OS: openSUSE Factory
Importance: P3 - Medium : Normal
Target Milestone: Leap 15.1
Assigned To: Security Team bot
https://smash.suse.de/issue/210250/
CVSSv3.1:SUSE:CVE-2018-1000613:4.9:(A...
Depends on:
Blocks:
Reported: 2018-07-10 07:01 UTC by Marcus Meissner
Modified: 2022-08-01 10:56 UTC (History)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Marcus Meissner 2018-07-10 07:01:49 UTC
CVE-2018-1000613

Legion of the Bouncy Castle Java Cryptography APIs prior to version 1.60 contain a
CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe
Reflection') vulnerability in XMSS/XMSS^MT private key deserialization.
Deserializing an XMSS/XMSS^MT private key can result in the execution of
unexpected code. This attack appears to be exploitable via a handcrafted private
key that includes references to unexpected classes, which will be picked up from
the class path of the executing application. This vulnerability appears to have
been fixed in 1.60 and later.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000613
https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc
https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574
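The CWE-470 pattern described above is that the serialized blob inside the key encoding names the classes Java will load and instantiate. The defensive pattern is to decide on the class name that appears in the stream before any class is loaded. The following is an added illustration of that pattern; it is not Bouncy Castle's code and not the change in the commits linked above. `AllowListDeserializer`, `TreeState` and `Unexpected` are hypothetical names chosen for this example, and the sample inputs are constructed in `main`.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamClass;
import java.io.Serializable;
import java.util.Collections;
import java.util.Set;

// Illustrative allow-list deserializer (hypothetical; not bc-java's code).
public final class AllowListDeserializer {

    // Stand-in for a per-key state object that a private key encoding carries
    // as a serialized Java object (constructed for this example).
    public static final class TreeState implements Serializable {
        private static final long serialVersionUID = 1L;
        final int index;
        final String label;
        TreeState(int index, String label) {
            this.index = index;
            this.label = label;
        }
    }

    // A second Serializable type, constructed to stand in for "some class on
    // the class path that the blob names but the caller never expected".
    public static final class Unexpected implements Serializable {
        private static final long serialVersionUID = 1L;
        final String note = "not a tree state";
    }

    // ObjectInputStream that refuses to resolve any class whose stream name is
    // not on the allow-list. The check runs on the descriptor's name before
    // Class.forName is reached, so an unexpected class is never loaded, let
    // alone instantiated.
    static final class AllowListObjectInputStream extends ObjectInputStream {
        private final Set<String> allowed;

        AllowListObjectInputStream(ByteArrayInputStream in, Set<String> allowed) throws IOException {
            super(in);
            this.allowed = allowed;
        }

        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc)
                throws IOException, ClassNotFoundException {
            if (!allowed.contains(desc.getName())) {
                throw new InvalidClassException(desc.getName(),
                        "class not permitted during deserialization");
            }
            return super.resolveClass(desc);
        }
    }

    // Plain Java serialization, used only to build the sample inputs below.
    public static byte[] serialize(Serializable obj) throws IOException {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bytes)) {
            out.writeObject(obj);
        }
        return bytes.toByteArray();
    }

    // Deserialize data that must contain exactly one object of type `expected`.
    public static <T> T deserialize(byte[] data, Class<T> expected)
            throws IOException, ClassNotFoundException {
        Set<String> allowed = Collections.singleton(expected.getName());
        try (AllowListObjectInputStream in =
                     new AllowListObjectInputStream(new ByteArrayInputStream(data), allowed)) {
            Object obj = in.readObject();
            if (in.available() != 0) {
                throw new IOException("unexpected trailing data after object");
            }
            // Type check on the top-level object, independent of the allow-list.
            return expected.cast(obj);
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed "good" input: the type the caller expects.
        byte[] good = serialize(new TreeState(7, "leaf"));
        TreeState ts = deserialize(good, TreeState.class);
        System.out.println("accepted: index=" + ts.index + " label=" + ts.label);

        // Constructed "bad" input: a blob naming a class the caller did not expect.
        byte[] bad = serialize(new Unexpected());
        try {
            deserialize(bad, TreeState.class);
            System.out.println("BUG: unexpected class was accepted");
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Compile and run with `javac AllowListDeserializer.java && java AllowListDeserializer`. A real state object usually references a few helper types (maps, node classes), which belong on the allow-list as well; on Java 9 and later the same policy can be expressed with `ObjectInputStream.setObjectInputFilter` (JEP 290) instead of overriding `resolveClass`. Because a legitimately generated key never trips the check, a rejection here is a useful event to log.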
Comment 5 Tomáš Chvátal 2018-07-19 10:32:10 UTC
Submissions done to Leap 42.3 and 15.0, and Tumbleweed.
Comment 6 Swamp Workflow Management 2018-07-19 11:10:42 UTC
This is an autogenerated message for OBS integration:
This bug (1100694) was mentioned in
https://build.opensuse.org/request/show/624019 15.0 / bouncycastle
https://build.opensuse.org/request/show/624022 Factory / bouncycastle
https://build.opensuse.org/request/show/624023 42.3 / bouncycastle
Comment 7 Andreas Stieger 2018-07-24 10:31:41 UTC
(In reply to Tomáš Chvátal from comment #5)
> Submissions done to Leap 42.3 and 15.0, and Tumbleweed.

Does not build in incident for 42.3:
https://build.opensuse.org/package/show/openSUSE:Maintenance:8463/bouncycastle.openSUSE_Leap_42.3_Update

[  107s] RPM build errors:
[  107s]     File not found: /home/abuild/rpmbuild/BUILDROOT/bouncycastle-1.60-23.6.1.x86_64/usr/share/maven-metadata/bouncycastle.xml

Please check.
Comment 8 Swamp Workflow Management 2018-07-28 14:04:46 UTC
openSUSE-SU-2018:2131-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1072697,1100694
CVE References: CVE-2017-13098,CVE-2018-1000613
Sources used:
openSUSE Leap 15.0 (src):    bouncycastle-1.60-lp150.2.3.1
Comment 9 Swamp Workflow Management 2018-08-03 19:09:16 UTC
openSUSE-SU-2018:2180-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1100694
CVE References: CVE-2018-1000613
Sources used:
openSUSE Leap 42.3 (src):    bouncycastle-1.60-23.7.1
Comment 12 Swamp Workflow Management 2020-04-29 13:00:10 UTC
This is an autogenerated message for OBS integration:
This bug (1100694) was mentioned in
https://build.opensuse.org/request/show/798905 15.1 / bouncycastle
Comment 14 Swamp Workflow Management 2020-05-03 22:17:50 UTC
openSUSE-SU-2020:0607-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1072697,1100694
CVE References: CVE-2017-13098,CVE-2018-1000613
Sources used:
openSUSE Leap 15.1 (src):    bouncycastle-1.60-lp151.3.3.1
Comment 15 Alexandros Toptsoglou 2020-05-04 12:22:52 UTC
Done