CVE-2016-1000339

Priority
Description
In the Bouncy Castle JCE Provider version 1.55 and earlier the primary
engine class used for AES was AESFastEngine. Due to the highly table driven
approach used in the algorithm it turns out that if the data channel on the
CPU can be monitored the lookup table accesses are sufficient to leak
information on the AES key being used. There was also a leak in AESEngine
although it was substantially less. AESEngine has been modified to remove
any signs of leakage (testing carried out on Intel X86-64) and is now the
primary AES class for the BC JCE provider from 1.56. Use of AESFastEngine
is now only recommended where otherwise deemed appropriate.
Notes
Package
Upstream:released (1.56-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was released [1.49+dfsg-2ubuntu0.1])
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (1.59-1)
Ubuntu 19.10 (Eoan Ermine):not-affected (1.60-1)
Ubuntu 20.04 (Focal Fossa):not-affected (1.60-1)
Patches:
Upstream:https://github.com/bcgit/bc-java/commit/413b42f4d770456508585c830cfcde95f9b0e93b
Upstream:https://github.com/bcgit/bc-java/commit/8a73f08931450c17c749af067b6a8185abdfd2c0
More Information

Updated: 2020-04-24 03:20:11 UTC (commit d3f8a6ed481830fb100109a132bef581fc4176fe)