DescriptionBouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as "ROBOT."
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having moderate severity.
|National Vulnerability Database|
- TID7022561, published Sa 3. Mär 12:01:15 CET 2018
- openSUSE-SU-2018:1689-1, published Thu, 14 Jun 2018 12:07:50 +0200 (CEST)
- openSUSE-SU-2018:2131-1, published Sat, 28 Jul 2018 16:04:25 +0200 (CEST)
List of released packages
|Product(s)||Fixed package version(s)||References|
|openSUSE Leap 15.0|| ||Patchnames:
|openSUSE Leap 42.3|| ||Patchnames: