<div class="container">
<h1>Recommended update for bouncycastle, jsch, ed25519-java</h1>
<table class="table table-striped table-bordered">
<tbody>
<tr>
<th>Announcement ID:</th>
<td>SUSE-RU-2025:0438-1</td>
</tr>
<tr>
<th>Release Date:</th>
<td>2025-02-12T05:07:38Z</td>
</tr>
<tr>
<th>Rating:</th>
<td>moderate</td>
</tr>
<tr>
<th>References:</th>
<td>
<ul>
</ul>
</td>
</tr>
<tr>
<th>Affected Products:</th>
<td>
<ul class="list-group">
<li class="list-group-item">Development Tools Module 15-SP6</li>
<li class="list-group-item">openSUSE Leap 15.6</li>
<li class="list-group-item">SUSE Enterprise Storage 7.1</li>
<li class="list-group-item">SUSE Linux Enterprise Desktop 15 SP6</li>
<li class="list-group-item">SUSE Linux Enterprise High Performance Computing 15 SP3</li>
<li class="list-group-item">SUSE Linux Enterprise High Performance Computing 15 SP4</li>
<li class="list-group-item">SUSE Linux Enterprise High Performance Computing 15 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4</li>
<li class="list-group-item">SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise High Performance Computing LTSS 15 SP3</li>
<li class="list-group-item">SUSE Linux Enterprise High Performance Computing LTSS 15 SP4</li>
<li class="list-group-item">SUSE Linux Enterprise High Performance Computing LTSS 15 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Real Time 15 SP6</li>
<li class="list-group-item">SUSE Linux Enterprise Server 15 SP3</li>
<li class="list-group-item">SUSE Linux Enterprise Server 15 SP3 LTSS</li>
<li class="list-group-item">SUSE Linux Enterprise Server 15 SP4</li>
<li class="list-group-item">SUSE Linux Enterprise Server 15 SP4 LTSS</li>
<li class="list-group-item">SUSE Linux Enterprise Server 15 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Server 15 SP5 LTSS</li>
<li class="list-group-item">SUSE Linux Enterprise Server 15 SP6</li>
<li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 15 SP3</li>
<li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 15 SP4</li>
<li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 15 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 15 SP6</li>
<li class="list-group-item">SUSE Manager Server 4.3</li>
<li class="list-group-item">SUSE Manager Server 4.3 Module</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>An update that can now be installed.</p>
<h2>Description:</h2>
<p>This update for bouncycastle, jsch and ed25519-java fixes the following issues:</p>
<p>bouncycastle was updated from version 1.78 to 1.79:</p>
<ul>
<li>Bugfixes to address issues with:</li>
<li>Ed25519 signatures</li>
<li>Elephant cipher handling of large messages</li>
<li>CMSSignedData signer replacement</li>
<li>ERSInputStreamData hashing</li>
<li>CRL loading</li>
<li>EC curve name lookups</li>
<li>PhotonBeetle and Xoodyak digest resetting</li>
<li>OCSP caching</li>
<li>Java 21 provider service handling</li>
<li>CMS version calculation</li>
<li>Incorrect PGP armored output version strings</li>
<li>
<p>PGP algorithm lookups</p>
</li>
<li>
<p>New Features and Functionalities:</p>
</li>
<li>Object Identifiers have been added for ML-KEM, ML-DSA, and SLH-DSA.</li>
<li>The PQC algorithms, ML-KEM, ML-DSA (including pre-hash), and SLH-DSA
(including pre-hash) have been added to the BC provider and the lightweight API.</li>
<li>A new spec, ContextParameterSpec, has been added to support
signature contexts for ML-DSA and SLH-DSA.</li>
<li>BCJSSE: Added support for security property
"jdk.tls.server.defaultDHEParameters" (disabled in FIPS mode).</li>
<li>BCJSSE: Added support for signature_algorithms_cert configuration via
"org.bouncycastle.jsse.client.SignatureSchemesCert" and
"org.bouncycastle.jsse.server.SignatureSchemesCert" system properties
or BCSSLParameters property "SignatureSchemesCert".</li>
<li>BCJSSE: Added support for boolean system property
"org.bouncycastle.jsse.fips.allowGCMCiphersIn12" (false by default).</li>
<li>(D)TLS: Removed redundant verification of self-generated RSA signatures.</li>
<li>CompositePrivateKeys now support the latest revision of the composite
signature draft.</li>
<li>Delta Certificates now support the latest revision of the delta
certificate extension draft.</li>
<li>A general KeyIdentifier class, encapsulating both PGP KeyID and the
PGP key fingerprint has been added to the PGP API.</li>
<li>Support for the LibrePGP PreferredEncryptionModes signature subpacket
has been added to the PGP API.</li>
<li>Support for Version 6 signatures, including salts, has been added to the PGP API.</li>
<li>Support for the PreferredKeyServer signature supacket has been added to the PGP API.</li>
<li>Support for RFC 9269, "Using KEMs in Cryptographic Message Syntax (CMS)",
has been added to the CMS API.</li>
<li>Support for the Argon2 S2K has been added to the PGP API.</li>
<li>The system property "org.bouncycastle.pemreader.lax" has been introduced
for situations where the BC PEM parsing is now too strict.</li>
<li>The system property "org.bouncycastle.ec.disable_f2m" has been introduced
to allow F2m EC support to be disabled.</li>
</ul>
<p>jsch was updated from version 0.2.15 to 0.2.22:</p>
<ul>
<li>Key changes across these versions:</li>
<li>Authentication and logging improvements</li>
<li>Date handling improvements using java.time classes</li>
<li>DHGEX prime modulus enforcement</li>
<li>Expanded KEX algorithm support, this requires Bouncy Castle</li>
<li>Fixed a GSSAPI authentication issue</li>
<li>Fixed possible rekeying timeouts</li>
<li>Fixed SignatureECDSAN private key handling</li>
<li>Improved handling of negated patterns</li>
<li>Introduction of JSchProxyException</li>
<li>Modernized fingerprint output</li>
<li>More accurate ext-info logging</li>
<li>PBKDF2 algorithm additions (SHA512/256 & SHA512/224)</li>
</ul>
<p>ed25519-java:</p>
<ul>
<li>Fixed minor build issues</li>
</ul>
<h2>Patch Instructions:</h2>
<p>
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".<br/>
Alternatively you can run the command listed for your product:
</p>
<ul class="list-group">
<li class="list-group-item">
openSUSE Leap 15.6
<br/>
<code>zypper in -t patch openSUSE-SLE-15.6-2025-438=1</code>
</li>
<li class="list-group-item">
Development Tools Module 15-SP6
<br/>
<code>zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-438=1</code>
</li>
<li class="list-group-item">
SUSE Manager Server 4.3 Module
<br/>
<code>zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2025-438=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
<br/>
<code>zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-438=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
<br/>
<code>zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-438=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
<br/>
<code>zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-438=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
<br/>
<code>zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-438=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
<br/>
<code>zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-438=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Server 15 SP3 LTSS
<br/>
<code>zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-438=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Server 15 SP4 LTSS
<br/>
<code>zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-438=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Server 15 SP5 LTSS
<br/>
<code>zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-438=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Server for SAP Applications 15 SP3
<br/>
<code>zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-438=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Server for SAP Applications 15 SP4
<br/>
<code>zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-438=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Server for SAP Applications 15 SP5
<br/>
<code>zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-438=1</code>
</li>
<li class="list-group-item">
SUSE Enterprise Storage 7.1
<br/>
<code>zypper in -t patch SUSE-Storage-7.1-2025-438=1</code>
</li>
</ul>
<h2>Package List:</h2>
<ul>
<li>
openSUSE Leap 15.6 (noarch)
<ul>
<li>bouncycastle-mail-1.79-150200.3.32.2</li>
<li>bouncycastle-1.79-150200.3.32.2</li>
<li>ed25519-java-0.3.0-150200.5.6.1</li>
<li>bouncycastle-tls-1.79-150200.3.32.2</li>
<li>jsch-javadoc-0.2.22-150200.11.16.2</li>
<li>bouncycastle-jmail-1.79-150200.3.32.2</li>
<li>bouncycastle-util-1.79-150200.3.32.2</li>
<li>jsch-0.2.22-150200.11.16.2</li>
<li>jsch-demo-0.2.22-150200.11.16.2</li>
<li>bouncycastle-pg-1.79-150200.3.32.2</li>
<li>bouncycastle-javadoc-1.79-150200.3.32.2</li>
<li>ed25519-java-javadoc-0.3.0-150200.5.6.1</li>
<li>bouncycastle-pkix-1.79-150200.3.32.2</li>
</ul>
</li>
<li>
Development Tools Module 15-SP6 (noarch)
<ul>
<li>bouncycastle-1.79-150200.3.32.2</li>
<li>ed25519-java-0.3.0-150200.5.6.1</li>
<li>bouncycastle-util-1.79-150200.3.32.2</li>
<li>bouncycastle-pg-1.79-150200.3.32.2</li>
<li>jsch-0.2.22-150200.11.16.2</li>
<li>bouncycastle-pkix-1.79-150200.3.32.2</li>
</ul>
</li>
<li>
SUSE Manager Server 4.3 Module (noarch)
<ul>
<li>jsch-0.2.22-150200.11.16.2</li>
</ul>
</li>
<li>
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
<ul>
<li>bouncycastle-1.79-150200.3.32.2</li>
<li>ed25519-java-0.3.0-150200.5.6.1</li>
<li>bouncycastle-util-1.79-150200.3.32.2</li>
<li>bouncycastle-pg-1.79-150200.3.32.2</li>
<li>jsch-0.2.22-150200.11.16.2</li>
<li>bouncycastle-pkix-1.79-150200.3.32.2</li>
</ul>
</li>
<li>
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
<ul>
<li>bouncycastle-1.79-150200.3.32.2</li>
<li>ed25519-java-0.3.0-150200.5.6.1</li>
<li>bouncycastle-util-1.79-150200.3.32.2</li>
<li>bouncycastle-pg-1.79-150200.3.32.2</li>
<li>jsch-0.2.22-150200.11.16.2</li>
<li>bouncycastle-pkix-1.79-150200.3.32.2</li>
</ul>
</li>
<li>
SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
<ul>
<li>bouncycastle-1.79-150200.3.32.2</li>
<li>ed25519-java-0.3.0-150200.5.6.1</li>
<li>bouncycastle-util-1.79-150200.3.32.2</li>
<li>bouncycastle-pg-1.79-150200.3.32.2</li>
<li>jsch-0.2.22-150200.11.16.2</li>
<li>bouncycastle-pkix-1.79-150200.3.32.2</li>
</ul>
</li>
<li>
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
<ul>
<li>bouncycastle-1.79-150200.3.32.2</li>
<li>ed25519-java-0.3.0-150200.5.6.1</li>
<li>bouncycastle-util-1.79-150200.3.32.2</li>
<li>bouncycastle-pg-1.79-150200.3.32.2</li>
<li>jsch-0.2.22-150200.11.16.2</li>
<li>bouncycastle-pkix-1.79-150200.3.32.2</li>
</ul>
</li>
<li>
SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
<ul>
<li>bouncycastle-1.79-150200.3.32.2</li>
<li>ed25519-java-0.3.0-150200.5.6.1</li>
<li>bouncycastle-util-1.79-150200.3.32.2</li>
<li>bouncycastle-pg-1.79-150200.3.32.2</li>
<li>jsch-0.2.22-150200.11.16.2</li>
<li>bouncycastle-pkix-1.79-150200.3.32.2</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server 15 SP3 LTSS (noarch)
<ul>
<li>bouncycastle-1.79-150200.3.32.2</li>
<li>ed25519-java-0.3.0-150200.5.6.1</li>
<li>bouncycastle-util-1.79-150200.3.32.2</li>
<li>bouncycastle-pg-1.79-150200.3.32.2</li>
<li>jsch-0.2.22-150200.11.16.2</li>
<li>bouncycastle-pkix-1.79-150200.3.32.2</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
<ul>
<li>bouncycastle-1.79-150200.3.32.2</li>
<li>ed25519-java-0.3.0-150200.5.6.1</li>
<li>bouncycastle-util-1.79-150200.3.32.2</li>
<li>bouncycastle-pg-1.79-150200.3.32.2</li>
<li>jsch-0.2.22-150200.11.16.2</li>
<li>bouncycastle-pkix-1.79-150200.3.32.2</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
<ul>
<li>bouncycastle-1.79-150200.3.32.2</li>
<li>ed25519-java-0.3.0-150200.5.6.1</li>
<li>bouncycastle-util-1.79-150200.3.32.2</li>
<li>bouncycastle-pg-1.79-150200.3.32.2</li>
<li>jsch-0.2.22-150200.11.16.2</li>
<li>bouncycastle-pkix-1.79-150200.3.32.2</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
<ul>
<li>bouncycastle-1.79-150200.3.32.2</li>
<li>ed25519-java-0.3.0-150200.5.6.1</li>
<li>bouncycastle-util-1.79-150200.3.32.2</li>
<li>bouncycastle-pg-1.79-150200.3.32.2</li>
<li>jsch-0.2.22-150200.11.16.2</li>
<li>bouncycastle-pkix-1.79-150200.3.32.2</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
<ul>
<li>bouncycastle-1.79-150200.3.32.2</li>
<li>ed25519-java-0.3.0-150200.5.6.1</li>
<li>bouncycastle-util-1.79-150200.3.32.2</li>
<li>bouncycastle-pg-1.79-150200.3.32.2</li>
<li>jsch-0.2.22-150200.11.16.2</li>
<li>bouncycastle-pkix-1.79-150200.3.32.2</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
<ul>
<li>bouncycastle-1.79-150200.3.32.2</li>
<li>ed25519-java-0.3.0-150200.5.6.1</li>
<li>bouncycastle-util-1.79-150200.3.32.2</li>
<li>bouncycastle-pg-1.79-150200.3.32.2</li>
<li>jsch-0.2.22-150200.11.16.2</li>
<li>bouncycastle-pkix-1.79-150200.3.32.2</li>
</ul>
</li>
<li>
SUSE Enterprise Storage 7.1 (noarch)
<ul>
<li>bouncycastle-1.79-150200.3.32.2</li>
<li>ed25519-java-0.3.0-150200.5.6.1</li>
<li>bouncycastle-util-1.79-150200.3.32.2</li>
<li>bouncycastle-pg-1.79-150200.3.32.2</li>
<li>jsch-0.2.22-150200.11.16.2</li>
<li>bouncycastle-pkix-1.79-150200.3.32.2</li>
</ul>
</li>
</ul>
</div>