Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 530
Alerts This Week
Warning Icon 1 530

Debian: DLA-1283-2 Moderate: Python-Crypto ElGamal Encryption Issue

debian lts
Calendar Grey April 9, 2018
Dist Debian Esm H88
Enhance python-crypto to resolve CVE-2018-6594. This solution is incomplete; evaluate different encryption approaches.
This is an update to DLA-1283-1

Summary

The recommendation is still to upgrade python-crypto packages. In addition
please take into account that the fix is not complete. If you have an
application using python-crypto is implementing ElGamal encryption you should
consider changing to some other encryption method.

There will be no further update to python-crypto for this specific CVE. A fix
would break compatibility, the problem has been ignored by regular Debian
Security team due to its minor nature and in addition to that we are close to
the end of life of the Wheezy security support.

CVE-2018-6594:

python-crypto generated weak ElGamal key parameters, which allowed attackers to
obtain sensitive information by reading ciphertext data (i.e., it did not have
semantic security in face of a ciphertext-only attack).

We recommend that you upgrade your python-crypto packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be

Read the Full Advisory


Package: python-crypto
Version: 2.6-4+deb7u8

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.