Recommended update for bouncycastle, jsch, ed25519-java

Announcement ID: SUSE-RU-2025:0438-1
Release Date: 2025-02-12T05:07:38Z
Rating: moderate
References:
Affected Products:
  • Development Tools Module 15-SP6
  • openSUSE Leap 15.6
  • SUSE Enterprise Storage 7.1
  • SUSE Linux Enterprise Desktop 15 SP6
  • SUSE Linux Enterprise High Performance Computing 15 SP3
  • SUSE Linux Enterprise High Performance Computing 15 SP4
  • SUSE Linux Enterprise High Performance Computing 15 SP5
  • SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  • SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  • SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  • SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  • SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  • SUSE Linux Enterprise Real Time 15 SP6
  • SUSE Linux Enterprise Server 15 SP3
  • SUSE Linux Enterprise Server 15 SP3 LTSS
  • SUSE Linux Enterprise Server 15 SP4
  • SUSE Linux Enterprise Server 15 SP4 LTSS
  • SUSE Linux Enterprise Server 15 SP5
  • SUSE Linux Enterprise Server 15 SP5 LTSS
  • SUSE Linux Enterprise Server 15 SP6
  • SUSE Linux Enterprise Server for SAP Applications 15 SP3
  • SUSE Linux Enterprise Server for SAP Applications 15 SP4
  • SUSE Linux Enterprise Server for SAP Applications 15 SP5
  • SUSE Linux Enterprise Server for SAP Applications 15 SP6
  • SUSE Manager Server 4.3
  • SUSE Manager Server 4.3 Module

An update that can now be installed.

Description:

This update for bouncycastle, jsch and ed25519-java fixes the following issues:

bouncycastle was updated from version 1.78 to 1.79:

  • Bugfixes to address issues with:
  • Ed25519 signatures
  • Elephant cipher handling of large messages
  • CMSSignedData signer replacement
  • ERSInputStreamData hashing
  • CRL loading
  • EC curve name lookups
  • PhotonBeetle and Xoodyak digest resetting
  • OCSP caching
  • Java 21 provider service handling
  • CMS version calculation
  • Incorrect PGP armored output version strings

  • PGP algorithm lookups

  • New Features and Functionalities:

  • Object Identifiers have been added for ML-KEM, ML-DSA, and SLH-DSA.
  • The PQC algorithms, ML-KEM, ML-DSA (including pre-hash), and SLH-DSA (including pre-hash) have been added to the BC provider and the lightweight API.
  • A new spec, ContextParameterSpec, has been added to support signature contexts for ML-DSA and SLH-DSA.
  • BCJSSE: Added support for security property "jdk.tls.server.defaultDHEParameters" (disabled in FIPS mode).
  • BCJSSE: Added support for signature_algorithms_cert configuration via "org.bouncycastle.jsse.client.SignatureSchemesCert" and "org.bouncycastle.jsse.server.SignatureSchemesCert" system properties or BCSSLParameters property "SignatureSchemesCert".
  • BCJSSE: Added support for boolean system property "org.bouncycastle.jsse.fips.allowGCMCiphersIn12" (false by default).
  • (D)TLS: Removed redundant verification of self-generated RSA signatures.
  • CompositePrivateKeys now support the latest revision of the composite signature draft.
  • Delta Certificates now support the latest revision of the delta certificate extension draft.
  • A general KeyIdentifier class, encapsulating both PGP KeyID and the PGP key fingerprint has been added to the PGP API.
  • Support for the LibrePGP PreferredEncryptionModes signature subpacket has been added to the PGP API.
  • Support for Version 6 signatures, including salts, has been added to the PGP API.
  • Support for the PreferredKeyServer signature supacket has been added to the PGP API.
  • Support for RFC 9269, "Using KEMs in Cryptographic Message Syntax (CMS)", has been added to the CMS API.
  • Support for the Argon2 S2K has been added to the PGP API.
  • The system property "org.bouncycastle.pemreader.lax" has been introduced for situations where the BC PEM parsing is now too strict.
  • The system property "org.bouncycastle.ec.disable_f2m" has been introduced to allow F2m EC support to be disabled.

jsch was updated from version 0.2.15 to 0.2.22:

  • Key changes across these versions:
  • Authentication and logging improvements
  • Date handling improvements using java.time classes
  • DHGEX prime modulus enforcement
  • Expanded KEX algorithm support, this requires Bouncy Castle
  • Fixed a GSSAPI authentication issue
  • Fixed possible rekeying timeouts
  • Fixed SignatureECDSAN private key handling
  • Improved handling of negated patterns
  • Introduction of JSchProxyException
  • Modernized fingerprint output
  • More accurate ext-info logging
  • PBKDF2 algorithm additions (SHA512/256 & SHA512/224)

ed25519-java:

  • Fixed minor build issues

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.6
    zypper in -t patch openSUSE-SLE-15.6-2025-438=1
  • Development Tools Module 15-SP6
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-438=1
  • SUSE Manager Server 4.3 Module
    zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2025-438=1
  • SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-438=1
  • SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-438=1
  • SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-438=1
  • SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-438=1
  • SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-438=1
  • SUSE Linux Enterprise Server 15 SP3 LTSS
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-438=1
  • SUSE Linux Enterprise Server 15 SP4 LTSS
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-438=1
  • SUSE Linux Enterprise Server 15 SP5 LTSS
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-438=1
  • SUSE Linux Enterprise Server for SAP Applications 15 SP3
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-438=1
  • SUSE Linux Enterprise Server for SAP Applications 15 SP4
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-438=1
  • SUSE Linux Enterprise Server for SAP Applications 15 SP5
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-438=1
  • SUSE Enterprise Storage 7.1
    zypper in -t patch SUSE-Storage-7.1-2025-438=1

Package List:

  • openSUSE Leap 15.6 (noarch)
    • bouncycastle-mail-1.79-150200.3.32.2
    • bouncycastle-1.79-150200.3.32.2
    • ed25519-java-0.3.0-150200.5.6.1
    • bouncycastle-tls-1.79-150200.3.32.2
    • jsch-javadoc-0.2.22-150200.11.16.2
    • bouncycastle-jmail-1.79-150200.3.32.2
    • bouncycastle-util-1.79-150200.3.32.2
    • jsch-0.2.22-150200.11.16.2
    • jsch-demo-0.2.22-150200.11.16.2
    • bouncycastle-pg-1.79-150200.3.32.2
    • bouncycastle-javadoc-1.79-150200.3.32.2
    • ed25519-java-javadoc-0.3.0-150200.5.6.1
    • bouncycastle-pkix-1.79-150200.3.32.2
  • Development Tools Module 15-SP6 (noarch)
    • bouncycastle-1.79-150200.3.32.2
    • ed25519-java-0.3.0-150200.5.6.1
    • bouncycastle-util-1.79-150200.3.32.2
    • bouncycastle-pg-1.79-150200.3.32.2
    • jsch-0.2.22-150200.11.16.2
    • bouncycastle-pkix-1.79-150200.3.32.2
  • SUSE Manager Server 4.3 Module (noarch)
    • jsch-0.2.22-150200.11.16.2
  • SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
    • bouncycastle-1.79-150200.3.32.2
    • ed25519-java-0.3.0-150200.5.6.1
    • bouncycastle-util-1.79-150200.3.32.2
    • bouncycastle-pg-1.79-150200.3.32.2
    • jsch-0.2.22-150200.11.16.2
    • bouncycastle-pkix-1.79-150200.3.32.2
  • SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
    • bouncycastle-1.79-150200.3.32.2
    • ed25519-java-0.3.0-150200.5.6.1
    • bouncycastle-util-1.79-150200.3.32.2
    • bouncycastle-pg-1.79-150200.3.32.2
    • jsch-0.2.22-150200.11.16.2
    • bouncycastle-pkix-1.79-150200.3.32.2
  • SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
    • bouncycastle-1.79-150200.3.32.2
    • ed25519-java-0.3.0-150200.5.6.1
    • bouncycastle-util-1.79-150200.3.32.2
    • bouncycastle-pg-1.79-150200.3.32.2
    • jsch-0.2.22-150200.11.16.2
    • bouncycastle-pkix-1.79-150200.3.32.2
  • SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
    • bouncycastle-1.79-150200.3.32.2
    • ed25519-java-0.3.0-150200.5.6.1
    • bouncycastle-util-1.79-150200.3.32.2
    • bouncycastle-pg-1.79-150200.3.32.2
    • jsch-0.2.22-150200.11.16.2
    • bouncycastle-pkix-1.79-150200.3.32.2
  • SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
    • bouncycastle-1.79-150200.3.32.2
    • ed25519-java-0.3.0-150200.5.6.1
    • bouncycastle-util-1.79-150200.3.32.2
    • bouncycastle-pg-1.79-150200.3.32.2
    • jsch-0.2.22-150200.11.16.2
    • bouncycastle-pkix-1.79-150200.3.32.2
  • SUSE Linux Enterprise Server 15 SP3 LTSS (noarch)
    • bouncycastle-1.79-150200.3.32.2
    • ed25519-java-0.3.0-150200.5.6.1
    • bouncycastle-util-1.79-150200.3.32.2
    • bouncycastle-pg-1.79-150200.3.32.2
    • jsch-0.2.22-150200.11.16.2
    • bouncycastle-pkix-1.79-150200.3.32.2
  • SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
    • bouncycastle-1.79-150200.3.32.2
    • ed25519-java-0.3.0-150200.5.6.1
    • bouncycastle-util-1.79-150200.3.32.2
    • bouncycastle-pg-1.79-150200.3.32.2
    • jsch-0.2.22-150200.11.16.2
    • bouncycastle-pkix-1.79-150200.3.32.2
  • SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
    • bouncycastle-1.79-150200.3.32.2
    • ed25519-java-0.3.0-150200.5.6.1
    • bouncycastle-util-1.79-150200.3.32.2
    • bouncycastle-pg-1.79-150200.3.32.2
    • jsch-0.2.22-150200.11.16.2
    • bouncycastle-pkix-1.79-150200.3.32.2
  • SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
    • bouncycastle-1.79-150200.3.32.2
    • ed25519-java-0.3.0-150200.5.6.1
    • bouncycastle-util-1.79-150200.3.32.2
    • bouncycastle-pg-1.79-150200.3.32.2
    • jsch-0.2.22-150200.11.16.2
    • bouncycastle-pkix-1.79-150200.3.32.2
  • SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
    • bouncycastle-1.79-150200.3.32.2
    • ed25519-java-0.3.0-150200.5.6.1
    • bouncycastle-util-1.79-150200.3.32.2
    • bouncycastle-pg-1.79-150200.3.32.2
    • jsch-0.2.22-150200.11.16.2
    • bouncycastle-pkix-1.79-150200.3.32.2
  • SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
    • bouncycastle-1.79-150200.3.32.2
    • ed25519-java-0.3.0-150200.5.6.1
    • bouncycastle-util-1.79-150200.3.32.2
    • bouncycastle-pg-1.79-150200.3.32.2
    • jsch-0.2.22-150200.11.16.2
    • bouncycastle-pkix-1.79-150200.3.32.2
  • SUSE Enterprise Storage 7.1 (noarch)
    • bouncycastle-1.79-150200.3.32.2
    • ed25519-java-0.3.0-150200.5.6.1
    • bouncycastle-util-1.79-150200.3.32.2
    • bouncycastle-pg-1.79-150200.3.32.2
    • jsch-0.2.22-150200.11.16.2
    • bouncycastle-pkix-1.79-150200.3.32.2