UBUNTU-CVE-2016-1000344
See a problem?- Source
- https://ubuntu.com/security/notices/UBUNTU-CVE-2016-1000344
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-1000344.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2016-1000344
- Related
- Published
- 2018-06-04T21:29:00Z
- Modified
- 2018-06-04T21:29:00Z
- Severity
-
- 7.4 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.
- References
Affected packages
Ubuntu:Pro:16.04:LTS / bouncycastle
Package
- Name
- bouncycastle
Ubuntu:18.04:LTS / bouncycastle
Package
- Name
- bouncycastle
- Purl
- pkg:deb/ubuntu/bouncycastle@1.59-1?arch=src?distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.59-1
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"libbcmail-java": "1.59-1",
"libbcpg-java": "1.59-1",
"libbcpkix-java-doc": "1.59-1",
"libbcprov-java-doc": "1.59-1",
"libbcpg-java-doc": "1.59-1",
"libbcprov-java": "1.59-1",
"libbcpkix-java": "1.59-1",
"libbcmail-java-doc": "1.59-1"
}
]
}