Candidate: CVE-2018-1000180
PublicDate: 2018-06-05 13:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000180
 https://www.bouncycastle.org/jira/browse/BJA-694
 https://www.bountysource.com/issues/58293083-rsa-key-generation-computation-of-iterations-for-mr-primality-test
Description:
 Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a
 flaw in the Low-level interface to RSA key pair generator, specifically RSA
 Key Pairs generated in low-level API with added certainty may have less M-R
 tests than expected. This appears to be fixed in versions BC 1.60 beta 4
 and later, BC-FJA 1.0.2 and later.
Ubuntu-Description:
Notes:
 leosilva> trusty is not affected. Issue introduced in 1.54
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900843
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [7.5 HIGH]


Patches_bouncycastle:
 upstream: https://github.com/bcgit/bc-java/commit/22467b6e8fe19717ecdf201c0cf91bacf04a55ad
 upstream: https://github.com/bcgit/bc-java/commit/73780ac522b7795fc165630aba8d5f5729acc839
upstream_bouncycastle: released (1.59-2)
precise/esm_bouncycastle: DNE
trusty_bouncycastle: not-affected (code not present)
trusty/esm_bouncycastle: DNE (trusty was not-affected [code not present])
xenial_bouncycastle: not-affected (code not present)
artful_bouncycastle: ignored (reached end-of-life)
bionic_bouncycastle: needed
cosmic_bouncycastle: not-affected (1.60-1)
disco_bouncycastle: not-affected (1.60-1)
eoan_bouncycastle: not-affected (1.60-1)
focal_bouncycastle: not-affected (1.60-1)
groovy_bouncycastle: not-affected (1.60-1)
hirsute_bouncycastle: not-affected (1.60-1)
impish_bouncycastle: not-affected (1.60-1)
jammy_bouncycastle: not-affected (1.60-1)
devel_bouncycastle: not-affected (1.60-1)