CVE-2016-1000345

Priority
Description
In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES
CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an
environment where timings can be easily observed, it is possible with
enough observations to identify when the decryption is failing due to
padding.
Notes
Package
Upstream:released (1.56-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was released [1.49+dfsg-2ubuntu0.1])
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (1.59-1)
Ubuntu 19.10 (Eoan Ermine):not-affected (1.60-1)
Ubuntu 20.04 (Focal Fossa):not-affected (1.60-1)
Patches:
Upstream:https://github.com/bcgit/bc-java/commit/21dcb3d9744c83dcf2ff8fcee06dbca7bfa4ef35
More Information

Updated: 2020-04-24 03:22:27 UTC (commit d3f8a6ed481830fb100109a132bef581fc4176fe)