SUSE-SU-2026:1639-1: important: Security update for bouncycastle
SLE-UPDATES
null at suse.de
Tue Apr 28 16:38:52 UTC 2026
# Security update for bouncycastle
Announcement ID: SUSE-SU-2026:1639-1
Release Date: 2026-04-28T11:10:38Z
Rating: important
References:
* bsc#1262225
* bsc#1262226
* bsc#1262227
* bsc#1262228
* bsc#1262232
Cross-References:
* CVE-2025-14813
* CVE-2026-0636
* CVE-2026-3505
* CVE-2026-5588
* CVE-2026-5598
CVSS scores:
* CVE-2025-14813 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-14813 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
* CVE-2025-14813 ( NVD ): 9.3
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:M/U:Red
* CVE-2026-0636 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-0636 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-0636 ( NVD ): 5.5
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:A/V:X/RE:M/U:Amber
* CVE-2026-3505 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-3505 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-3505 ( NVD ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-5588 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-5588 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-5588 ( NVD ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber
* CVE-2026-5598 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-5598 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
* CVE-2026-5598 ( NVD ): 8.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:X/V:X/RE:X/U:Red
Affected Products:
* Development Tools Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves five vulnerabilities can now be installed.
## Description:
This update for bouncycastle fixes the following issues:
Update to version 1.84.
Security issues fixed:
* CVE-2025-14813: GOSTCTR implementation unable to process more than 255
blocks correctly (bsc#1262225).
* CVE-2026-0636: LDAP injection in LDAPStoreHelper.java leads to information
disclosure (bsc#1262226).
* CVE-2026-3505: unbounded PGP AEAD chunk size leads to pre-auth resource
exhaustion (bsc#1262232).
* CVE-2026-5588: PKIX draft CompositeVerifier accepts empty signature sequence
as valid (bsc#1262228).
* CVE-2026-5598: non-constant time comparisons risks private key leakage in
FrodoKEM (bsc#1262227).
Other updates and bugfixes:
* Version 1.84:
* In line with JVM changes, KEM support has been backported to Java 17.
* BCJSSE: Configurable (client) early key_share groups via
BCSSLParameters.earlyKeyShares or
'org.bouncycastle.jsse.client.earlyKeyShares' system property.
* BCJSSE: Support for curveSM2MLKEM768 hybrid NamedGroup in TLS 1.3 per draft-
yang-tls-hybrid-sm2-mlkem-03.
* BCJSSE: Log when default cipher suites are disabled.
* BCJSSE: Experimental support for ShangMi crypto in TLS 1.3 per RFC 8998 (not
enabled by default).
* CMS: Added CMSAuthEnvelopedDataStreamGenerator.open taking an explicit
content type.
* HKDF: Provider support for HKDFParameterSpec.Expand.
* Added initial support for RFC 9380 (Hashing to Elliptic Curves); see
org.bouncycastle.crypto.hash2curve .
* PKCS12: Added default max iteration count of 5,000,000 (configurable via
'org.bouncycastle.pkcs12.max_it_count' property).
* TLS: Use javax.crypto.KEM API (when available) to access ML-KEM
implementation (incl. hybrids).
* A new KeyStore, PKCS12-PBMAC1, has been added which defaults to using PBMAC1
and supports RFC 9879.
* A new property 'org.bouncycastle.asn1.max_cons_depth' has been added to
allow setting of the maximum nesting for SETs/SEQUENCESs in ASN.1. Default
is 32.
* A new property 'org.bouncycastle.asn1.max_limit' has been added to allow
setting of the stream size of ASN.1 encodings. The value can be either in
bytes, or appended with k (1 kilobyte blocks), m (1 megabyte blocks), or g
(1 gigabyte blocks).
* Added NTRU+ support to the lightweight PQC API and the BCPQC provider.
* Added SM4 key wrap/unwrap mode, SM2 key exchange, and logging to SM2Signer.
* OpenPGP: Added encryption-key filtering by purpose, a new OpenPGPKey
constructor, KeyPassphraseProvider-based passphrase change, wildcard
(anonymous) recipient handling, and Web-of-Trust methods for third-party
signature chains and delegations.
* CMSSignedDataStreamGenerator can now support the generation of DER/DL
encoded SignedData objects (note memory restrictions still apply).
* It is now possible to add extra digest alorithm IDs to
CMSSignedDataStreamGenerator when required.
* Random numbers being generated for DSTU4145 signature calculations were 1
bit shorter than they could be. The code has been corrected to allow the
generated numbers to occupy the full numeric range available.
* HKDF implementation has been corrected to use multiple IKMs if available.
* CompositePublic/PrivateKey builders had an issue identifying brainpool and
EdDSA curves from the algorithm names due to an error in the OID mapping
table. This has been fixed.
* S/MIME: Fix AuthEnveloped support for AES192/GCM and AES256/GCM.
* CMS: Use implicit tag for
AuthEnvelopedData.authEncryptedContentInfo.encryptedContent.
* Fixed Strings.split to handle delimiters at position 0.
* Fixed FrodoKEM error sampling to be constant-time.
* Fixed PKIXNameConstraintValidator to treat a DNS name as intersecting
itself.
* Fixed PKCS12 key stores not calling getInstance with the original provider
(which was forcing provider registration).
* A resource leak due to the SMIMESigned constructor leaving background
threads hanging on MessagingException has been fixed.
* OpenPGP: Fixed an issue where a custom signature creation time was ignored
when generating message signatures.
* OpenPGP: Fixed SKESK encoding for direct-S2K-encrypted messages.
* Version 1.83:
* Attempting to check a password on a stripped PGP would throw an exception.
Checking the password on such a key will now always return false.
* Fixed an issue in KangarooTwelve where premature absorption caused erroneous
168-byte padding; absorption is now delayed so correct final-byte padding is
applied.
* BCJSSE: Fix supported_versions creation for renegotiation handshake.
* (D)TLS: Reneg info now oly offered with pre-1.3.
* A generic "COMPOSITE" algorithm name has been added as a JCA Signature
algorithm. The algorithm will identify the composite signature to use from
the composite key passed in.
* The composite signatures implementation has been updated to the final draft
and now follows the submitted standard.
* Support for the generation and use as trust anchors has been added for
certificate signatures with id-alg-unsigned as the signature type.
* Support for CMP direct POP for encryption keys using challenge/response has
been added to the CMP/CRMF APIs.
* Support for SupportedCurves attribute to the BC provider
* BCJSSE: Added support for SLH-DSA signature schemes in TLS 1.3 per draft-
reddy-tls-slhdsa-01.
* Support has been added for the Java 25 KDF API (current algorithms, PBKDF2,
SCRYPT, and HKDF).
* Support for composite signatures is now included in CMS and timestamping.
* It is now possible to disable the Lenstra check in RSA where the public key
is not available via the system/security property
"org.bouncycastle.rsa.no_lenstra_check".
* Version 1.82:
* SNOVA and MAYO are now correctly added to the JCA provider module-info file.
* TLS: Avoid nonce reuse error in JCE AEAD workaround for pre-Java7.
* BCJSSE: Session binding map is now shared across all stages of the session
lifecycle (SunJSSE compatibility).
* The CMCEPrivateKeyParameters#reconstructPublicKey method was returning an
empty byte array. It now returns an encoding of the public key.
* CBZip2InputStream no longer auto-closes at end-of-contents.
* The BC CertPath implementation was eliminating certificates on the bases of
the Key-ID. This is not in accordance with RFC 4158.
* Support for the previous set of libOQS Falcon OIDs has been restored.
* The BC CipherInputStream could throw an exception if asked to handle an AEAD
stream consisting of the MAC only.
* Some KeyAgreement classes were missing in the Java 11 class hierarchy.
* Fix typo in a constant name in the HPKE class and deprecate the old
constant.
* Fuzzing analysis has been done on the OpenPGP API and additional code has
been added to prevent escaping exceptions.
* SHA3Digest, CSHAKE, TupleHash, KMAC now provide support for Memoable and
EncodableService.
* BCJSSE: Added support for integrity-only cipher suites in TLS 1.3 per RFC
9150.
* BCJSSE: Added support for system properties
"jdk.tls.{client,server}.maxInboundCertificateChainLength"
* BCJSSE: Added support for ML-DSA signature schemes in TLS 1.3 per draft-
ietf-tls-mldsa-00.
* The Composite post-quantum signatures implementation has been updated to the
latest draft (07) draft-ietf-lamps-pq-composite-sigs.
* "_PREHASH" implementations are now provided for all composite signatures to
allow the hash of the date to be used instead of the actual data in
signature calculation.
* The gradle build can now be used to generate an Bill of Materials (BOM)
file.
* It is now possible to configure the SignerInfoVerifierBuilder used by the
SignedMailValidator class.
* The Ascon family of algorithms has been updated with the latest published
changes.
* Composite signature keys can now be constructed from the individual keys of
the algorithms composing the composite.
* PGPSecretKey, PGPSignatureGenerator now support version 6.
* Further optimisation work has been done on ML-KEM public key validation.
* Zeroization of passwords in the JCA PKCS12 key store has been improved.
* The "org.bouncycastle.drbg.effective_256bits_entropy" property has been
added for platforms where the entropy source is not producing 1 full bit of
entropy per bit and additional bits are required (default value 282).
* OpenPGPKeyGenerator now allows for the use of empty UserIDs (version 4
compatibility).
* The HQC KEM has been updated with the latest draft updates.
* The legacy post-quantum package has now been removed.
* Version 1.81:
* A potention NullPointerException in the KEM KDF KemUtil class has been
removed.
* Overlapping input/output buffers in doFinal could result in data corruption.
* Fixed Grain-128AEAD decryption incorrectly handle MAC verification.
* Add configurable header validation to prevent malicious header injection in
PGP cleartext signed messages; Fix signature packet encoding issues in
PGPSignature.join() and embedded signatures while phasing out legacy format.
* Fixed ParallelHash initialization stall when using block size B=0.
* The PRF from the PBKDF2 function was been lost when PBMAC1 was initialized
from protectionAlgorithm. This has been fixed.
* The lowlevel DigestFactory was cloning MD5 when being asked to clone SHA1.
* XWing implementation updated to draft-connolly-cfrg-xwing-kem/07/
* Further support has been added for generation and use of PGP V6 keys
* Additional validation has been added for armored headers in Cleartext Signed
Messages.
* The PQC signature algorithm proposal Mayo has been added to the low-level
API and the BCPQC provider.
* The PQC signature algorithm proposal Snova has been added to the low-level
API and the BCPQC provider.
* Support for ChaCha20-Poly1305 has been added to the CMS/SMIME APIs.
* The Falcon implementation has been updated to the latest draft.
* Support has been added for generating keys which encode as seed-only and
expanded-key-only for ML-KEM and ML-DSA private keys.
* Private key encoding of ML-DSA and ML-KEM private keys now follows the
latest IETF draft.
* The Ascon family of algorithms has been updated to the initial draft of SP
800-232. Some additional optimisation work has been done.
* Support for ML-DSA's external-mu calculation and signing has been added to
the BC provider.
* CMS now supports ML-DSA for SignedData generation.
* Introduce high-level OpenPGP API for message creation/consumption and
certificate evaluation.
* Added JDK21 KEM API implementation for HQC algorithm.
* BCJSSE: Strip trailing dot from hostname for SNI, endpointID checks.
* BCJSSE: Draft support for ML-KEM updated (draft-connolly-tls-mlkem-key-
agreement-05).
* BCJSSE: Draft support for hybrid ECDHE-MLKEM (draft-ietf-tls-ecdhe-
mlkem-00).
* BCJSSE: Optionally prefer TLS 1.3 server's supported_groups order
(BCSSLParameters.useNamedGroupsOrder).
* Version 1.80:
* A splitting issue for ML-KEM led to an incorrect size for kemct in
KEMRecipientInfos. This has been fixed.
* The PKCS12 KeyStore has been adjusted to prevent accidental doubling of the
Oracle trusted certificate attribute (results in an IOException when used
with the JVM PKCS12 implementation).
* The SignerInfoGenerator copy constructor was ignoring the certHolder field.
* The getAlgorithm() method return value for a CompositePrivateKey was not
consistent with the corresponding getAlgorithm() return value for the
CompositePrivateKey. This has been fixed.
* The international property files were missing from the bcjmail distribution.
* Issues with ElephantEngine failing on processing large/multi-block messages
have been addressed.
* GCFB mode now fully resets on a reset.
* The lightweight algorithm contestants: Elephant, ISAP, PhotonBeetle, Xoodyak
now support the use of the AEADParameters class and provide accurate
update/doFinal output lengths.
* An unnecessary downcast in CertPathValidatorUtilities was resulting in the
ignoring of URLs for FTP based CRLs.
* A regression in the OpenPGP API could cause NoSuchAlgorithmException to be
thrown when attempting to use SHA-256 in some contexts.
* EtsiTs1029411TypesAuthorization was missing an extension field.
* Interoperability issues with single depth LMS keys have been addressed.
* CompositeSignatures now updated to draft-ietf-lamps-pq-composite-sigs-03.
* ML-KEM, ML-DSA, SLH-DSA, and Composite private keys now use raw encodings as
per the latest drafts from IETF 121: draft-ietf-lamps-kyber-certificates-06,
draft-ietf-lamps-dilithium-certificates-05, and draft-ietf-
lamps-x509-slhdsa.
* Initial support has been added for RFC 9579 PBMAC1 in the PKCS API.
* Support has been added for EC-JPAKE to the lightweight API.
* Support has been added for the direct construction of S/MIME
AuthEnvelopedData objects, via the SMIMEAuthEnvelopedData class.
* An override "org.bouncycastle.asn1.allow_wrong_oid_enc" property has been
added to disable new OID encoding checks (use with caution).
* Support has been added for the PBEParemeterSpec.getParameterSpec() method
where supported by the JVM.
* ML-DSA/SLH-DSA now return null for Signature.getParameters() if no context
is provided. This allows the algorithms to be used with the existing Java
key tool.
* HQC has been updated to reflect the reference implementation released on
2024-10-30.
* Support has been added to the low-level APIs for the OASIS Shamir Secret
Splitting algorithms.
* BCJSSE: System property "org.bouncycastle.jsse.fips.allowGCMCiphersIn12" no
longer used. FIPS TLS 1.2 GCM suites can now be enabled according to
JcaTlsCrypto#getFipsGCMNonceGeneratorFactory (see JavaDoc for details) if
done in alignment with FIPS requirements.
* Support has been added for OpenPGP V6 PKESK and message encryption.
* PGPSecretKey.copyWithNewPassword() now includes AEAD support.
* The ASCON family of algorithms have been updated in accordance with the
published FIPS SP 800-232 draft.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Development Tools Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-1639=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1639=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1639=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1639=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1639=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1639=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1639=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1639=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1639=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1639=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1639=1
## Package List:
* Development Tools Module 15-SP7 (noarch)
* bouncycastle-1.84-150200.3.35.1
* bouncycastle-pkix-1.84-150200.3.35.1
* bouncycastle-util-1.84-150200.3.35.1
* bouncycastle-pg-1.84-150200.3.35.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* bouncycastle-1.84-150200.3.35.1
* bouncycastle-pkix-1.84-150200.3.35.1
* bouncycastle-util-1.84-150200.3.35.1
* bouncycastle-pg-1.84-150200.3.35.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* bouncycastle-1.84-150200.3.35.1
* bouncycastle-pkix-1.84-150200.3.35.1
* bouncycastle-util-1.84-150200.3.35.1
* bouncycastle-pg-1.84-150200.3.35.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* bouncycastle-1.84-150200.3.35.1
* bouncycastle-pkix-1.84-150200.3.35.1
* bouncycastle-util-1.84-150200.3.35.1
* bouncycastle-pg-1.84-150200.3.35.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* bouncycastle-1.84-150200.3.35.1
* bouncycastle-pkix-1.84-150200.3.35.1
* bouncycastle-util-1.84-150200.3.35.1
* bouncycastle-pg-1.84-150200.3.35.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* bouncycastle-1.84-150200.3.35.1
* bouncycastle-pkix-1.84-150200.3.35.1
* bouncycastle-util-1.84-150200.3.35.1
* bouncycastle-pg-1.84-150200.3.35.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* bouncycastle-1.84-150200.3.35.1
* bouncycastle-pkix-1.84-150200.3.35.1
* bouncycastle-util-1.84-150200.3.35.1
* bouncycastle-pg-1.84-150200.3.35.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
* bouncycastle-1.84-150200.3.35.1
* bouncycastle-pkix-1.84-150200.3.35.1
* bouncycastle-util-1.84-150200.3.35.1
* bouncycastle-pg-1.84-150200.3.35.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* bouncycastle-1.84-150200.3.35.1
* bouncycastle-pkix-1.84-150200.3.35.1
* bouncycastle-util-1.84-150200.3.35.1
* bouncycastle-pg-1.84-150200.3.35.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* bouncycastle-1.84-150200.3.35.1
* bouncycastle-pkix-1.84-150200.3.35.1
* bouncycastle-util-1.84-150200.3.35.1
* bouncycastle-pg-1.84-150200.3.35.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
* bouncycastle-1.84-150200.3.35.1
* bouncycastle-pkix-1.84-150200.3.35.1
* bouncycastle-util-1.84-150200.3.35.1
* bouncycastle-pg-1.84-150200.3.35.1
## References:
* https://www.suse.com/security/cve/CVE-2025-14813.html
* https://www.suse.com/security/cve/CVE-2026-0636.html
* https://www.suse.com/security/cve/CVE-2026-3505.html
* https://www.suse.com/security/cve/CVE-2026-5588.html
* https://www.suse.com/security/cve/CVE-2026-5598.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262225
* https://bugzilla.suse.com/show_bug.cgi?id=1262226
* https://bugzilla.suse.com/show_bug.cgi?id=1262227
* https://bugzilla.suse.com/show_bug.cgi?id=1262228
* https://bugzilla.suse.com/show_bug.cgi?id=1262232
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-updates/attachments/20260428/e3fe794a/attachment.htm>
More information about the sle-updates
mailing list