Explore top 10 tips to secure your open-source projects now. Read More
×
The recommendation is still to upgrade python-crypto packages. In addition
please take into account that the fix is not complete. If you have an
application using python-crypto is implementing ElGamal encryption you should
consider changing to some other encryption method.
There will be no further update to python-crypto for this specific CVE. A fix
would break compatibility, the problem has been ignored by regular Debian
Security team due to its minor nature and in addition to that we are close to
the end of life of the Wheezy security support.
CVE-2018-6594:
python-crypto generated weak ElGamal key parameters, which allowed attackers to
obtain sensitive information by reading ciphertext data (i.e., it did not have
semantic security in face of a ciphertext-only attack).
We recommend that you upgrade your python-crypto packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
Get the latest Linux and open source security news straight to your inbox.