Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=210825 Summary: RSA signature forgery issues in BouncyCastle < 1.34 Product: Fedora Core Version: fc5 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: java-1.4.2-gcj-compat AssignedTo: fitzsim@xxxxxxxxxx ReportedBy: ville.skytta@xxxxxx CC: fedora-security-list@xxxxxxxxxx >From BouncyCastle 1.34 release notes: Security Advisory If you are using RSA with a public exponent of three you must upgrade to this release if you want to avoid recent forgery attacks that have been described against specific implementations of the RSA signature algorithm. java-1.4.2-gcj-compat in FC5 ship with BC 1.31 and may thus be affected. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. -- Fedora-security-list mailing list Fedora-security-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-security-list
