1
PublicDateAtUSN: 2018-02-03
2
Candidate: CVE-2018-6594
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6594
6
https://github.com/TElgamal/attack-on-pycrypto-elgamal
7
https://usn.ubuntu.com/usn/usn-3616-1
8
https://usn.ubuntu.com/usn/usn-3616-2
10
lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak
11
ElGamal key parameters, which allows attackers to obtain sensitive
12
information by reading ciphertext data (i.e., it does not have semantic
13
security in face of a ciphertext-only attack). The Decisional
14
Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal
19
https://github.com/dlitz/pycrypto/issues/253
20
https://github.com/Legrandin/pycryptodome/issues/90
21
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889999 (python-crypto)
22
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889998 (pycryptodome)
27
Patches_python-crypto:
28
other: https://github.com/pghmcfc/pycrypto/commit/2f6c124e127b5dd98723e7e75a9825c4ed8bd5c7
29
upstream_python-crypto: needs-triage
30
precise/esm_python-crypto: released (2.4.1-1ubuntu0.3)
31
trusty_python-crypto: released (2.6.1-4ubuntu0.3)
32
xenial_python-crypto: released (2.6.1-6ubuntu0.16.04.3)
33
artful_python-crypto: released (2.6.1-7ubuntu0.1)
34
bionic_python-crypto: released (2.6.1-8ubuntu2)
35
devel_python-crypto: released (2.6.1-8ubuntu2)
38
upstream: https://github.com/Legrandin/pycryptodome/commit/99c27a3b9e8a884bbde0e88c63234b669d4398d8
39
upstream_pycryptodome: needs-triage
40
precise/esm_pycryptodome: DNE
41
trusty_pycryptodome: DNE
42
xenial_pycryptodome: DNE
43
artful_pycryptodome: needed
44
bionic_pycryptodome: released (3.4.7-1ubuntu1)
45
devel_pycryptodome: released (3.4.7-1ubuntu1)