The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack."
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "libbcmail-java": "1.49+dfsg-2ubuntu0.1", "libbcpg-java": "1.49+dfsg-2ubuntu0.1", "libbcpkix-java-doc": "1.49+dfsg-2ubuntu0.1", "libbcprov-java-doc": "1.49+dfsg-2ubuntu0.1", "libbcpg-java-doc": "1.49+dfsg-2ubuntu0.1", "libbcprov-java": "1.49+dfsg-2ubuntu0.1", "libbcpkix-java": "1.49+dfsg-2ubuntu0.1", "libbcmail-java-doc": "1.49+dfsg-2ubuntu0.1" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "libbcmail-java": "1.51-4ubuntu1", "libbcpg-java": "1.51-4ubuntu1", "libbcpkix-java-doc": "1.51-4ubuntu1", "libbcprov-java-doc": "1.51-4ubuntu1", "libbcpg-java-doc": "1.51-4ubuntu1", "libbcprov-java": "1.51-4ubuntu1", "libbcpkix-java": "1.51-4ubuntu1", "libbcmail-java-doc": "1.51-4ubuntu1" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "libbcmail-java": "1.59-1", "libbcpg-java": "1.59-1", "libbcpkix-java-doc": "1.59-1", "libbcprov-java-doc": "1.59-1", "libbcpg-java-doc": "1.59-1", "libbcprov-java": "1.59-1", "libbcpkix-java": "1.59-1", "libbcmail-java-doc": "1.59-1" } ] }