<div class="container">
<h1>Security update for bouncycastle</h1>
<table class="table table-striped table-bordered">
<tbody>
<tr>
<th>Announcement ID:</th>
<td>SUSE-SU-2026:1639-1</td>
</tr>
<tr>
<th>Release Date:</th>
<td>2026-04-28T11:10:38Z</td>
</tr>
<tr>
<th>Rating:</th>
<td>important</td>
</tr>
<tr>
<th>References:</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1262225">bsc#1262225</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1262226">bsc#1262226</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1262227">bsc#1262227</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1262228">bsc#1262228</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1262232">bsc#1262232</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>
Cross-References:
</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2025-14813.html">CVE-2025-14813</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2026-0636.html">CVE-2026-0636</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2026-3505.html">CVE-2026-3505</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2026-5588.html">CVE-2026-5588</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2026-5598.html">CVE-2026-5598</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>CVSS scores:</th>
<td>
<ul class="list-group">
<li class="list-group-item">
<span class="cvss-reference">CVE-2025-14813</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">8.3</span>
<span class="cvss-vector">CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2025-14813</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">8.6</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2025-14813</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">9.3</span>
<span class="cvss-vector">CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:M/U:Red</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-0636</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">6.3</span>
<span class="cvss-vector">CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-0636</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">5.3</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-0636</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">5.5</span>
<span class="cvss-vector">CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:A/V:X/RE:M/U:Amber</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-3505</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">8.7</span>
<span class="cvss-vector">CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-3505</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">7.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-3505</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">8.7</span>
<span class="cvss-vector">CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-5588</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">6.3</span>
<span class="cvss-vector">CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-5588</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">5.3</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-5588</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">6.3</span>
<span class="cvss-vector">CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-5598</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">8.8</span>
<span class="cvss-vector">CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-5598</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">8.6</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-5598</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">8.9</span>
<span class="cvss-vector">CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:X/V:X/RE:X/U:Red</span>
</li>
</ul>
</td>
</tr>
<tr>
<th>Affected Products:</th>
<td>
<ul class="list-group">
<li class="list-group-item">Development Tools Module 15-SP7</li>
<li class="list-group-item">SUSE Linux Enterprise Desktop 15 SP7</li>
<li class="list-group-item">SUSE Linux Enterprise High Performance Computing 15 SP4</li>
<li class="list-group-item">SUSE Linux Enterprise High Performance Computing 15 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4</li>
<li class="list-group-item">SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise High Performance Computing LTSS 15 SP4</li>
<li class="list-group-item">SUSE Linux Enterprise High Performance Computing LTSS 15 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Real Time 15 SP7</li>
<li class="list-group-item">SUSE Linux Enterprise Server 15 SP4</li>
<li class="list-group-item">SUSE Linux Enterprise Server 15 SP4 LTSS</li>
<li class="list-group-item">SUSE Linux Enterprise Server 15 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Server 15 SP5 LTSS</li>
<li class="list-group-item">SUSE Linux Enterprise Server 15 SP6</li>
<li class="list-group-item">SUSE Linux Enterprise Server 15 SP6 LTSS</li>
<li class="list-group-item">SUSE Linux Enterprise Server 15 SP7</li>
<li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 15 SP4</li>
<li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 15 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 15 SP6</li>
<li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 15 SP7</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>An update that solves five vulnerabilities can now be installed.</p>
<h2>Description:</h2>
<p>This update for bouncycastle fixes the following issues:</p>
<p>Update to version 1.84.</p>
<p>Security issues fixed:</p>
<ul>
<li>CVE-2025-14813: GOSTCTR implementation unable to process more than 255 blocks correctly (bsc#1262225).</li>
<li>CVE-2026-0636: LDAP injection in LDAPStoreHelper.java leads to information disclosure (bsc#1262226).</li>
<li>CVE-2026-3505: unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion (bsc#1262232).</li>
<li>CVE-2026-5588: PKIX draft CompositeVerifier accepts empty signature sequence as valid (bsc#1262228).</li>
<li>CVE-2026-5598: non-constant time comparisons risks private key leakage in FrodoKEM (bsc#1262227).</li>
</ul>
<p>Other updates and bugfixes:</p>
<ul>
<li>Version 1.84:</li>
<li>In line with JVM changes, KEM support has been backported to
Java 17.</li>
<li>BCJSSE: Configurable (client) early key_share groups via
BCSSLParameters.earlyKeyShares or
'org.bouncycastle.jsse.client.earlyKeyShares' system property.</li>
<li>BCJSSE: Support for curveSM2MLKEM768 hybrid NamedGroup in TLS
1.3 per draft-yang-tls-hybrid-sm2-mlkem-03.</li>
<li>BCJSSE: Log when default cipher suites are disabled.</li>
<li>BCJSSE: Experimental support for ShangMi crypto in TLS 1.3 per
RFC 8998 (not enabled by default).</li>
<li>CMS: Added CMSAuthEnvelopedDataStreamGenerator.open taking an
explicit content type.</li>
<li>HKDF: Provider support for HKDFParameterSpec.Expand.</li>
<li>Added initial support for RFC 9380 (Hashing to Elliptic Curves);
see org.bouncycastle.crypto.hash2curve .</li>
<li>PKCS12: Added default max iteration count of 5,000,000 (configurable
via 'org.bouncycastle.pkcs12.max_it_count' property).</li>
<li>TLS: Use javax.crypto.KEM API (when available) to access ML-KEM
implementation (incl. hybrids).</li>
<li>A new KeyStore, PKCS12-PBMAC1, has been added which defaults to
using PBMAC1 and supports RFC 9879.</li>
<li>A new property 'org.bouncycastle.asn1.max_cons_depth' has been added
to allow setting of the maximum nesting for SETs/SEQUENCESs in ASN.1.
Default is 32.</li>
<li>A new property 'org.bouncycastle.asn1.max_limit' has been added
to allow setting of the stream size of ASN.1 encodings. The value can
be either in bytes, or appended with k (1 kilobyte blocks), m (1
megabyte blocks), or g (1 gigabyte blocks).</li>
<li>Added NTRU+ support to the lightweight PQC API and the BCPQC provider.</li>
<li>Added SM4 key wrap/unwrap mode, SM2 key exchange, and logging to SM2Signer.</li>
<li>OpenPGP: Added encryption-key filtering by purpose, a new OpenPGPKey
constructor, KeyPassphraseProvider-based passphrase change, wildcard
(anonymous) recipient handling, and Web-of-Trust methods for
third-party signature chains and delegations.</li>
<li>CMSSignedDataStreamGenerator can now support the generation of DER/DL
encoded SignedData objects (note memory restrictions still apply).</li>
<li>It is now possible to add extra digest alorithm IDs to
CMSSignedDataStreamGenerator when required.</li>
<li>Random numbers being generated for DSTU4145 signature calculations
were 1 bit shorter than they could be. The code has been corrected
to allow the generated numbers to occupy the full numeric range available.</li>
<li>HKDF implementation has been corrected to use multiple IKMs if available.</li>
<li>CompositePublic/PrivateKey builders had an issue identifying brainpool
and EdDSA curves from the algorithm names due to an error in the OID
mapping table. This has been fixed.</li>
<li>S/MIME: Fix AuthEnveloped support for AES192/GCM and AES256/GCM.</li>
<li>CMS: Use implicit tag for AuthEnvelopedData.authEncryptedContentInfo.encryptedContent.</li>
<li>Fixed Strings.split to handle delimiters at position 0.</li>
<li>Fixed FrodoKEM error sampling to be constant-time.</li>
<li>Fixed PKIXNameConstraintValidator to treat a DNS name as intersecting itself.</li>
<li>Fixed PKCS12 key stores not calling getInstance with the original provider
(which was forcing provider registration).</li>
<li>A resource leak due to the SMIMESigned constructor leaving background
threads hanging on MessagingException has been fixed.</li>
<li>OpenPGP: Fixed an issue where a custom signature creation time was
ignored when generating message signatures.</li>
<li>
<p>OpenPGP: Fixed SKESK encoding for direct-S2K-encrypted messages.</p>
</li>
<li>
<p>Version 1.83:</p>
</li>
<li>Attempting to check a password on a stripped PGP would throw an
exception. Checking the password on such a key will now always
return false.</li>
<li>Fixed an issue in KangarooTwelve where premature absorption caused
erroneous 168-byte padding; absorption is now delayed so correct
final-byte padding is applied.</li>
<li>BCJSSE: Fix supported_versions creation for renegotiation handshake.</li>
<li>(D)TLS: Reneg info now oly offered with pre-1.3.</li>
<li>A generic "COMPOSITE" algorithm name has been added as a JCA
Signature algorithm. The algorithm will identify the composite
signature to use from the composite key passed in.</li>
<li>The composite signatures implementation has been updated to the
final draft and now follows the submitted standard.</li>
<li>Support for the generation and use as trust anchors has been added
for certificate signatures with id-alg-unsigned as the signature type.</li>
<li>Support for CMP direct POP for encryption keys using
challenge/response has been added to the CMP/CRMF APIs.</li>
<li>Support for SupportedCurves attribute to the BC provider</li>
<li>BCJSSE: Added support for SLH-DSA signature schemes in TLS 1.3 per
draft-reddy-tls-slhdsa-01.</li>
<li>Support has been added for the Java 25 KDF API (current algorithms,
PBKDF2, SCRYPT, and HKDF).</li>
<li>Support for composite signatures is now included in CMS and timestamping.</li>
<li>
<p>It is now possible to disable the Lenstra check in RSA where the public
key is not available via the system/security property
"org.bouncycastle.rsa.no_lenstra_check".</p>
</li>
<li>
<p>Version 1.82:</p>
</li>
<li>SNOVA and MAYO are now correctly added to the JCA provider module-info file.</li>
<li>TLS: Avoid nonce reuse error in JCE AEAD workaround for pre-Java7.</li>
<li>BCJSSE: Session binding map is now shared across all stages of the
session lifecycle (SunJSSE compatibility).</li>
<li>The CMCEPrivateKeyParameters#reconstructPublicKey method was returning
an empty byte array. It now returns an encoding of the public key.</li>
<li>CBZip2InputStream no longer auto-closes at end-of-contents.</li>
<li>The BC CertPath implementation was eliminating certificates on the
bases of the Key-ID. This is not in accordance with RFC 4158.</li>
<li>Support for the previous set of libOQS Falcon OIDs has been restored.</li>
<li>The BC CipherInputStream could throw an exception if asked to handle an
AEAD stream consisting of the MAC only.</li>
<li>Some KeyAgreement classes were missing in the Java 11 class hierarchy.</li>
<li>Fix typo in a constant name in the HPKE class and deprecate the old constant.</li>
<li>Fuzzing analysis has been done on the OpenPGP API and additional code
has been added to prevent escaping exceptions.</li>
<li>SHA3Digest, CSHAKE, TupleHash, KMAC now provide support for Memoable
and EncodableService.</li>
<li>BCJSSE: Added support for integrity-only cipher suites in TLS 1.3 per RFC 9150.</li>
<li>BCJSSE: Added support for system properties "jdk.tls.{client,server}.maxInboundCertificateChainLength"</li>
<li>BCJSSE: Added support for ML-DSA signature schemes in TLS 1.3 per draft-ietf-tls-mldsa-00.</li>
<li>The Composite post-quantum signatures implementation has been updated to
the latest draft (07) draft-ietf-lamps-pq-composite-sigs.</li>
<li>"_PREHASH" implementations are now provided for all composite signatures
to allow the hash of the date to be used instead of the actual data in
signature calculation.</li>
<li>The gradle build can now be used to generate an Bill of Materials (BOM) file.</li>
<li>It is now possible to configure the SignerInfoVerifierBuilder used by the
SignedMailValidator class.</li>
<li>The Ascon family of algorithms has been updated with the latest published changes.</li>
<li>Composite signature keys can now be constructed from the individual keys of
the algorithms composing the composite.</li>
<li>PGPSecretKey, PGPSignatureGenerator now support version 6.</li>
<li>Further optimisation work has been done on ML-KEM public key validation.</li>
<li>Zeroization of passwords in the JCA PKCS12 key store has been improved.</li>
<li>The "org.bouncycastle.drbg.effective_256bits_entropy" property has been
added for platforms where the entropy source is not producing 1 full bit
of entropy per bit and additional bits are required (default value 282).</li>
<li>OpenPGPKeyGenerator now allows for the use of empty UserIDs (version 4 compatibility).</li>
<li>The HQC KEM has been updated with the latest draft updates.</li>
<li>
<p>The legacy post-quantum package has now been removed.</p>
</li>
<li>
<p>Version 1.81:</p>
</li>
<li>A potention NullPointerException in the KEM KDF KemUtil class
has been removed.</li>
<li>Overlapping input/output buffers in doFinal could result in
data corruption.</li>
<li>Fixed Grain-128AEAD decryption incorrectly handle MAC verification.</li>
<li>Add configurable header validation to prevent malicious header
injection in PGP cleartext signed messages; Fix signature packet
encoding issues in PGPSignature.join() and embedded signatures
while phasing out legacy format.</li>
<li>Fixed ParallelHash initialization stall when using block size B=0.</li>
<li>The PRF from the PBKDF2 function was been lost when PBMAC1 was
initialized from protectionAlgorithm. This has been fixed.</li>
<li>The lowlevel DigestFactory was cloning MD5 when being asked
to clone SHA1.</li>
<li>XWing implementation updated to draft-connolly-cfrg-xwing-kem/07/</li>
<li>Further support has been added for generation and use of PGP V6 keys</li>
<li>Additional validation has been added for armored headers in Cleartext
Signed Messages.</li>
<li>The PQC signature algorithm proposal Mayo has been added to the
low-level API and the BCPQC provider.</li>
<li>The PQC signature algorithm proposal Snova has been added to the
low-level API and the BCPQC provider.</li>
<li>Support for ChaCha20-Poly1305 has been added to the CMS/SMIME APIs.</li>
<li>The Falcon implementation has been updated to the latest draft.</li>
<li>Support has been added for generating keys which encode as seed-only
and expanded-key-only for ML-KEM and ML-DSA private keys.</li>
<li>Private key encoding of ML-DSA and ML-KEM private keys now follows
the latest IETF draft.</li>
<li>The Ascon family of algorithms has been updated to the initial draft
of SP 800-232. Some additional optimisation work has been done.</li>
<li>Support for ML-DSA's external-mu calculation and signing has been
added to the BC provider.</li>
<li>CMS now supports ML-DSA for SignedData generation.</li>
<li>Introduce high-level OpenPGP API for message creation/consumption
and certificate evaluation.</li>
<li>Added JDK21 KEM API implementation for HQC algorithm.</li>
<li>BCJSSE: Strip trailing dot from hostname for SNI, endpointID checks.</li>
<li>BCJSSE: Draft support for ML-KEM updated (draft-connolly-tls-mlkem-key-agreement-05).</li>
<li>BCJSSE: Draft support for hybrid ECDHE-MLKEM (draft-ietf-tls-ecdhe-mlkem-00).</li>
<li>
<p>BCJSSE: Optionally prefer TLS 1.3 server's supported_groups order
(BCSSLParameters.useNamedGroupsOrder).</p>
</li>
<li>
<p>Version 1.80:</p>
</li>
<li>A splitting issue for ML-KEM led to an incorrect size for kemct
in KEMRecipientInfos. This has been fixed.</li>
<li>The PKCS12 KeyStore has been adjusted to prevent accidental doubling
of the Oracle trusted certificate attribute (results in an IOException
when used with the JVM PKCS12 implementation).</li>
<li>The SignerInfoGenerator copy constructor was ignoring the certHolder field.</li>
<li>The getAlgorithm() method return value for a CompositePrivateKey was
not consistent with the corresponding getAlgorithm() return value for
the CompositePrivateKey. This has been fixed.</li>
<li>The international property files were missing from the bcjmail distribution.</li>
<li>Issues with ElephantEngine failing on processing large/multi-block messages
have been addressed.</li>
<li>GCFB mode now fully resets on a reset.</li>
<li>The lightweight algorithm contestants: Elephant, ISAP, PhotonBeetle,
Xoodyak now support the use of the AEADParameters class and provide
accurate update/doFinal output lengths.</li>
<li>An unnecessary downcast in CertPathValidatorUtilities was resulting
in the ignoring of URLs for FTP based CRLs.</li>
<li>A regression in the OpenPGP API could cause NoSuchAlgorithmException
to be thrown when attempting to use SHA-256 in some contexts.</li>
<li>EtsiTs1029411TypesAuthorization was missing an extension field.</li>
<li>Interoperability issues with single depth LMS keys have been addressed.</li>
<li>CompositeSignatures now updated to draft-ietf-lamps-pq-composite-sigs-03.</li>
<li>ML-KEM, ML-DSA, SLH-DSA, and Composite private keys now use raw encodings
as per the latest drafts from IETF 121: draft-ietf-lamps-kyber-certificates-06,
draft-ietf-lamps-dilithium-certificates-05, and draft-ietf-lamps-x509-slhdsa.</li>
<li>Initial support has been added for RFC 9579 PBMAC1 in the PKCS API.</li>
<li>Support has been added for EC-JPAKE to the lightweight API.</li>
<li>Support has been added for the direct construction of S/MIME AuthEnvelopedData
objects, via the SMIMEAuthEnvelopedData class.</li>
<li>An override "org.bouncycastle.asn1.allow_wrong_oid_enc" property has been
added to disable new OID encoding checks (use with caution).</li>
<li>Support has been added for the PBEParemeterSpec.getParameterSpec()
method where supported by the JVM.</li>
<li>ML-DSA/SLH-DSA now return null for Signature.getParameters() if no context
is provided. This allows the algorithms to be used with the existing Java key tool.</li>
<li>HQC has been updated to reflect the reference implementation released on 2024-10-30.</li>
<li>Support has been added to the low-level APIs for the OASIS Shamir Secret
Splitting algorithms.</li>
<li>BCJSSE: System property "org.bouncycastle.jsse.fips.allowGCMCiphersIn12"
no longer used. FIPS TLS 1.2 GCM suites can now be enabled according to
JcaTlsCrypto#getFipsGCMNonceGeneratorFactory (see JavaDoc for details) if
done in alignment with FIPS requirements.</li>
<li>Support has been added for OpenPGP V6 PKESK and message encryption.</li>
<li>PGPSecretKey.copyWithNewPassword() now includes AEAD support.</li>
<li>The ASCON family of algorithms have been updated in accordance with the
published FIPS SP 800-232 draft.</li>
</ul>
<h2>Patch Instructions:</h2>
<p>
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".<br/>
Alternatively you can run the command listed for your product:
</p>
<ul class="list-group">
<li class="list-group-item">
Development Tools Module 15-SP7
<br/>
<code>zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-1639=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
<br/>
<code>zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1639=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
<br/>
<code>zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1639=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
<br/>
<code>zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1639=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
<br/>
<code>zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1639=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Server 15 SP4 LTSS
<br/>
<code>zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1639=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Server 15 SP5 LTSS
<br/>
<code>zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1639=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Server 15 SP6 LTSS
<br/>
<code>zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1639=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Server for SAP Applications 15 SP4
<br/>
<code>zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1639=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Server for SAP Applications 15 SP5
<br/>
<code>zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1639=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Server for SAP Applications 15 SP6
<br/>
<code>zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1639=1</code>
</li>
</ul>
<h2>Package List:</h2>
<ul>
<li>
Development Tools Module 15-SP7 (noarch)
<ul>
<li>bouncycastle-1.84-150200.3.35.1</li>
<li>bouncycastle-pkix-1.84-150200.3.35.1</li>
<li>bouncycastle-util-1.84-150200.3.35.1</li>
<li>bouncycastle-pg-1.84-150200.3.35.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
<ul>
<li>bouncycastle-1.84-150200.3.35.1</li>
<li>bouncycastle-pkix-1.84-150200.3.35.1</li>
<li>bouncycastle-util-1.84-150200.3.35.1</li>
<li>bouncycastle-pg-1.84-150200.3.35.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
<ul>
<li>bouncycastle-1.84-150200.3.35.1</li>
<li>bouncycastle-pkix-1.84-150200.3.35.1</li>
<li>bouncycastle-util-1.84-150200.3.35.1</li>
<li>bouncycastle-pg-1.84-150200.3.35.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
<ul>
<li>bouncycastle-1.84-150200.3.35.1</li>
<li>bouncycastle-pkix-1.84-150200.3.35.1</li>
<li>bouncycastle-util-1.84-150200.3.35.1</li>
<li>bouncycastle-pg-1.84-150200.3.35.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
<ul>
<li>bouncycastle-1.84-150200.3.35.1</li>
<li>bouncycastle-pkix-1.84-150200.3.35.1</li>
<li>bouncycastle-util-1.84-150200.3.35.1</li>
<li>bouncycastle-pg-1.84-150200.3.35.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
<ul>
<li>bouncycastle-1.84-150200.3.35.1</li>
<li>bouncycastle-pkix-1.84-150200.3.35.1</li>
<li>bouncycastle-util-1.84-150200.3.35.1</li>
<li>bouncycastle-pg-1.84-150200.3.35.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
<ul>
<li>bouncycastle-1.84-150200.3.35.1</li>
<li>bouncycastle-pkix-1.84-150200.3.35.1</li>
<li>bouncycastle-util-1.84-150200.3.35.1</li>
<li>bouncycastle-pg-1.84-150200.3.35.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
<ul>
<li>bouncycastle-1.84-150200.3.35.1</li>
<li>bouncycastle-pkix-1.84-150200.3.35.1</li>
<li>bouncycastle-util-1.84-150200.3.35.1</li>
<li>bouncycastle-pg-1.84-150200.3.35.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
<ul>
<li>bouncycastle-1.84-150200.3.35.1</li>
<li>bouncycastle-pkix-1.84-150200.3.35.1</li>
<li>bouncycastle-util-1.84-150200.3.35.1</li>
<li>bouncycastle-pg-1.84-150200.3.35.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
<ul>
<li>bouncycastle-1.84-150200.3.35.1</li>
<li>bouncycastle-pkix-1.84-150200.3.35.1</li>
<li>bouncycastle-util-1.84-150200.3.35.1</li>
<li>bouncycastle-pg-1.84-150200.3.35.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
<ul>
<li>bouncycastle-1.84-150200.3.35.1</li>
<li>bouncycastle-pkix-1.84-150200.3.35.1</li>
<li>bouncycastle-util-1.84-150200.3.35.1</li>
<li>bouncycastle-pg-1.84-150200.3.35.1</li>
</ul>
</li>
</ul>
<h2>References:</h2>
<ul>
<li>
<a href="https://www.suse.com/security/cve/CVE-2025-14813.html">https://www.suse.com/security/cve/CVE-2025-14813.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2026-0636.html">https://www.suse.com/security/cve/CVE-2026-0636.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2026-3505.html">https://www.suse.com/security/cve/CVE-2026-3505.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2026-5588.html">https://www.suse.com/security/cve/CVE-2026-5588.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2026-5598.html">https://www.suse.com/security/cve/CVE-2026-5598.html</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1262225">https://bugzilla.suse.com/show_bug.cgi?id=1262225</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1262226">https://bugzilla.suse.com/show_bug.cgi?id=1262226</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1262227">https://bugzilla.suse.com/show_bug.cgi?id=1262227</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1262228">https://bugzilla.suse.com/show_bug.cgi?id=1262228</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1262232">https://bugzilla.suse.com/show_bug.cgi?id=1262232</a>
</li>
</ul>
</div>