Packages
- bouncycastle - Java implementation of cryptographic algorithms
Details
It was discovered that Bouncy Castle did not sanitize user input when
inserting it into an LDAP search filter. An attacker could possibly use
this issue to perform an LDAP injection attack. This issue only affected
Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.
(CVE-2023-33201)
It was discovered that Bouncy Castle incorrectly handled specially crafted
F2m parameters in the ECCurve algorithm. An attacker could possibly use
this issue to cause Bouncy Castle to use excessive resources, leading to a
denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04
LTS, Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. (CVE-2024-29857)
It was discovered that Bouncy Castle leaked timing information when
handling exceptions during an RSA handshake. An attacker could possibly use
this issue to obtain sensitive information. This...
It was discovered that Bouncy Castle did not sanitize user input when
inserting it into an LDAP search filter. An attacker could possibly use
this issue to perform an LDAP injection attack. This issue only affected
Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.
(CVE-2023-33201)
It was discovered that Bouncy Castle incorrectly handled specially crafted
F2m parameters in the ECCurve algorithm. An attacker could possibly use
this issue to cause Bouncy Castle to use excessive resources, leading to a
denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04
LTS, Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. (CVE-2024-29857)
It was discovered that Bouncy Castle leaked timing information when
handling exceptions during an RSA handshake. An attacker could possibly use
this issue to obtain sensitive information. This issue only affected Ubuntu
18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS.
(CVE-2024-30171)
It was discovered that Bouncy Castle incorrectly handled endpoint
identification with an SSL socket enabled without an explicit hostname. An
attacker could possibly use this issue to perform a DNS poisoning attack.
This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu
24.04 LTS. (CVE-2024-34447)
Bing Shi discovered that Bouncy Castle incorrectly handled resource memory
allocation. An attacker could possibly use this issue to cause Bouncy
Castle to use excessive resources, leading to a denial of service. This
issue only affected Ubuntu 24.04 LTS. (CVE-2025-8916)
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 24.04 LTS noble | libbcjmail-java – 1.77-1ubuntu0.1~esm1 | ||
| libbcmail-java – 1.77-1ubuntu0.1~esm1 | |||
| libbcpg-java – 1.77-1ubuntu0.1~esm1 | |||
| libbcpkix-java – 1.77-1ubuntu0.1~esm1 | |||
| libbcprov-java – 1.77-1ubuntu0.1~esm1 | |||
| libbctls-java – 1.77-1ubuntu0.1~esm1 | |||
| libbcutil-java – 1.77-1ubuntu0.1~esm1 | |||
| 22.04 LTS jammy | libbcmail-java – 1.68-5ubuntu0.1~esm1 | ||
| libbcpg-java – 1.68-5ubuntu0.1~esm1 | |||
| libbcpkix-java – 1.68-5ubuntu0.1~esm1 | |||
| libbcprov-java – 1.68-5ubuntu0.1~esm1 | |||
| libbctls-java – 1.68-5ubuntu0.1~esm1 | |||
| 20.04 LTS focal | libbcmail-java – 1.61-1ubuntu0.1~esm1 | ||
| libbcpg-java – 1.61-1ubuntu0.1~esm1 | |||
| libbcpkix-java – 1.61-1ubuntu0.1~esm1 | |||
| libbcprov-java – 1.61-1ubuntu0.1~esm1 | |||
| 18.04 LTS bionic | libbcmail-java – 1.59-1ubuntu0.1~esm1 | ||
| libbcpg-java – 1.59-1ubuntu0.1~esm1 | |||
| libbcpkix-java – 1.59-1ubuntu0.1~esm1 | |||
| libbcprov-java – 1.59-1ubuntu0.1~esm1 | |||
| 16.04 LTS xenial | libbcmail-java – 1.51-4ubuntu1+esm1 | ||
| libbcpg-java – 1.51-4ubuntu1+esm1 | |||
| libbcpkix-java – 1.51-4ubuntu1+esm1 | |||
| libbcprov-java – 1.51-4ubuntu1+esm1 | |||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.