First published: Mon Jun 04 2018(Updated: )
Bouncy Castle JCE Provider could provide weaker than expected security, caused by a flaw in the DSA key pair generator. A remote attacker could exploit this vulnerability to launch further attacks.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api | <=1.55 | |
Debian Debian Linux | =8.0 | |
redhat/bouncycastle | <1.56 | 1.56 |
debian/bouncycastle | 1.68-2 1.72-2 1.77-1 | |
IBM GDE | <=3.0.0.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2016-1000343 is a vulnerability in the Bouncy Castle JCE Provider that could provide weaker than expected security due to a flaw in the DSA key pair generator.
CVE-2016-1000343 affects Bouncy Castle JCE Provider version 1.55 and earlier.
CVE-2016-1000343 has a severity rating of high (7.5).
Yes, the fix for CVE-2016-1000343 is available in version 1.56-1 of Bouncy Castle JCE Provider.
More information about CVE-2016-1000343 can be found at the following references: [CVE-2016-1000343](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000343), [Ubuntu Security Notice USN-3727-1](https://ubuntu.com/security/notices/USN-3727-1), [NIST CVE-2016-1000343](https://nvd.nist.gov/vuln/detail/CVE-2016-1000343).