SUSE-RU-2025:0438-1: moderate: Recommended update for bouncycastle, jsch, ed25519-java
SLE-UPDATES
null at suse.de
Wed Feb 12 08:30:16 UTC 2025
# Recommended update for bouncycastle, jsch, ed25519-java
Announcement ID: SUSE-RU-2025:0438-1
Release Date: 2025-02-12T05:07:38Z
Rating: moderate
References:
Affected Products:
* Development Tools Module 15-SP6
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Server 4.3
* SUSE Manager Server 4.3 Module
An update that can now be installed.
## Description:
This update for bouncycastle, jsch and ed25519-java fixes the following issues:
bouncycastle was updated from version 1.78 to 1.79:
* Bugfixes to address issues with:
* Ed25519 signatures
* Elephant cipher handling of large messages
* CMSSignedData signer replacement
* ERSInputStreamData hashing
* CRL loading
* EC curve name lookups
* PhotonBeetle and Xoodyak digest resetting
* OCSP caching
* Java 21 provider service handling
* CMS version calculation
* Incorrect PGP armored output version strings
* PGP algorithm lookups
* New Features and Functionalities:
* Object Identifiers have been added for ML-KEM, ML-DSA, and SLH-DSA.
* The PQC algorithms, ML-KEM, ML-DSA (including pre-hash), and SLH-DSA
(including pre-hash) have been added to the BC provider and the lightweight
API.
* A new spec, ContextParameterSpec, has been added to support signature
contexts for ML-DSA and SLH-DSA.
* BCJSSE: Added support for security property
"jdk.tls.server.defaultDHEParameters" (disabled in FIPS mode).
* BCJSSE: Added support for signature_algorithms_cert configuration via
"org.bouncycastle.jsse.client.SignatureSchemesCert" and
"org.bouncycastle.jsse.server.SignatureSchemesCert" system properties or
BCSSLParameters property "SignatureSchemesCert".
* BCJSSE: Added support for boolean system property
"org.bouncycastle.jsse.fips.allowGCMCiphersIn12" (false by default).
* (D)TLS: Removed redundant verification of self-generated RSA signatures.
* CompositePrivateKeys now support the latest revision of the composite
signature draft.
* Delta Certificates now support the latest revision of the delta certificate
extension draft.
* A general KeyIdentifier class, encapsulating both PGP KeyID and the PGP key
fingerprint has been added to the PGP API.
* Support for the LibrePGP PreferredEncryptionModes signature subpacket has
been added to the PGP API.
* Support for Version 6 signatures, including salts, has been added to the PGP
API.
* Support for the PreferredKeyServer signature supacket has been added to the
PGP API.
* Support for RFC 9269, "Using KEMs in Cryptographic Message Syntax (CMS)",
has been added to the CMS API.
* Support for the Argon2 S2K has been added to the PGP API.
* The system property "org.bouncycastle.pemreader.lax" has been introduced for
situations where the BC PEM parsing is now too strict.
* The system property "org.bouncycastle.ec.disable_f2m" has been introduced to
allow F2m EC support to be disabled.
jsch was updated from version 0.2.15 to 0.2.22:
* Key changes across these versions:
* Authentication and logging improvements
* Date handling improvements using java.time classes
* DHGEX prime modulus enforcement
* Expanded KEX algorithm support, this requires Bouncy Castle
* Fixed a GSSAPI authentication issue
* Fixed possible rekeying timeouts
* Fixed SignatureECDSAN private key handling
* Improved handling of negated patterns
* Introduction of JSchProxyException
* Modernized fingerprint output
* More accurate ext-info logging
* PBKDF2 algorithm additions (SHA512/256 & SHA512/224)
ed25519-java:
* Fixed minor build issues
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-438=1
* Development Tools Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-438=1
* SUSE Manager Server 4.3 Module
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2025-438=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-438=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-438=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-438=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-438=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-438=1
* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-438=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-438=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-438=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-438=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-438=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-438=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-438=1
## Package List:
* openSUSE Leap 15.6 (noarch)
* bouncycastle-mail-1.79-150200.3.32.2
* bouncycastle-1.79-150200.3.32.2
* ed25519-java-0.3.0-150200.5.6.1
* bouncycastle-tls-1.79-150200.3.32.2
* jsch-javadoc-0.2.22-150200.11.16.2
* bouncycastle-jmail-1.79-150200.3.32.2
* bouncycastle-util-1.79-150200.3.32.2
* jsch-0.2.22-150200.11.16.2
* jsch-demo-0.2.22-150200.11.16.2
* bouncycastle-pg-1.79-150200.3.32.2
* bouncycastle-javadoc-1.79-150200.3.32.2
* ed25519-java-javadoc-0.3.0-150200.5.6.1
* bouncycastle-pkix-1.79-150200.3.32.2
* Development Tools Module 15-SP6 (noarch)
* bouncycastle-1.79-150200.3.32.2
* ed25519-java-0.3.0-150200.5.6.1
* bouncycastle-util-1.79-150200.3.32.2
* bouncycastle-pg-1.79-150200.3.32.2
* jsch-0.2.22-150200.11.16.2
* bouncycastle-pkix-1.79-150200.3.32.2
* SUSE Manager Server 4.3 Module (noarch)
* jsch-0.2.22-150200.11.16.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* bouncycastle-1.79-150200.3.32.2
* ed25519-java-0.3.0-150200.5.6.1
* bouncycastle-util-1.79-150200.3.32.2
* bouncycastle-pg-1.79-150200.3.32.2
* jsch-0.2.22-150200.11.16.2
* bouncycastle-pkix-1.79-150200.3.32.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* bouncycastle-1.79-150200.3.32.2
* ed25519-java-0.3.0-150200.5.6.1
* bouncycastle-util-1.79-150200.3.32.2
* bouncycastle-pg-1.79-150200.3.32.2
* jsch-0.2.22-150200.11.16.2
* bouncycastle-pkix-1.79-150200.3.32.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* bouncycastle-1.79-150200.3.32.2
* ed25519-java-0.3.0-150200.5.6.1
* bouncycastle-util-1.79-150200.3.32.2
* bouncycastle-pg-1.79-150200.3.32.2
* jsch-0.2.22-150200.11.16.2
* bouncycastle-pkix-1.79-150200.3.32.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* bouncycastle-1.79-150200.3.32.2
* ed25519-java-0.3.0-150200.5.6.1
* bouncycastle-util-1.79-150200.3.32.2
* bouncycastle-pg-1.79-150200.3.32.2
* jsch-0.2.22-150200.11.16.2
* bouncycastle-pkix-1.79-150200.3.32.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* bouncycastle-1.79-150200.3.32.2
* ed25519-java-0.3.0-150200.5.6.1
* bouncycastle-util-1.79-150200.3.32.2
* bouncycastle-pg-1.79-150200.3.32.2
* jsch-0.2.22-150200.11.16.2
* bouncycastle-pkix-1.79-150200.3.32.2
* SUSE Linux Enterprise Server 15 SP3 LTSS (noarch)
* bouncycastle-1.79-150200.3.32.2
* ed25519-java-0.3.0-150200.5.6.1
* bouncycastle-util-1.79-150200.3.32.2
* bouncycastle-pg-1.79-150200.3.32.2
* jsch-0.2.22-150200.11.16.2
* bouncycastle-pkix-1.79-150200.3.32.2
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* bouncycastle-1.79-150200.3.32.2
* ed25519-java-0.3.0-150200.5.6.1
* bouncycastle-util-1.79-150200.3.32.2
* bouncycastle-pg-1.79-150200.3.32.2
* jsch-0.2.22-150200.11.16.2
* bouncycastle-pkix-1.79-150200.3.32.2
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* bouncycastle-1.79-150200.3.32.2
* ed25519-java-0.3.0-150200.5.6.1
* bouncycastle-util-1.79-150200.3.32.2
* bouncycastle-pg-1.79-150200.3.32.2
* jsch-0.2.22-150200.11.16.2
* bouncycastle-pkix-1.79-150200.3.32.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* bouncycastle-1.79-150200.3.32.2
* ed25519-java-0.3.0-150200.5.6.1
* bouncycastle-util-1.79-150200.3.32.2
* bouncycastle-pg-1.79-150200.3.32.2
* jsch-0.2.22-150200.11.16.2
* bouncycastle-pkix-1.79-150200.3.32.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* bouncycastle-1.79-150200.3.32.2
* ed25519-java-0.3.0-150200.5.6.1
* bouncycastle-util-1.79-150200.3.32.2
* bouncycastle-pg-1.79-150200.3.32.2
* jsch-0.2.22-150200.11.16.2
* bouncycastle-pkix-1.79-150200.3.32.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* bouncycastle-1.79-150200.3.32.2
* ed25519-java-0.3.0-150200.5.6.1
* bouncycastle-util-1.79-150200.3.32.2
* bouncycastle-pg-1.79-150200.3.32.2
* jsch-0.2.22-150200.11.16.2
* bouncycastle-pkix-1.79-150200.3.32.2
* SUSE Enterprise Storage 7.1 (noarch)
* bouncycastle-1.79-150200.3.32.2
* ed25519-java-0.3.0-150200.5.6.1
* bouncycastle-util-1.79-150200.3.32.2
* bouncycastle-pg-1.79-150200.3.32.2
* jsch-0.2.22-150200.11.16.2
* bouncycastle-pkix-1.79-150200.3.32.2
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-updates/attachments/20250212/4fe4f841/attachment.htm>
More information about the sle-updates
mailing list