PublicDateAtUSN: 2018-02-03
Candidate: CVE-2018-6594
PublicDate: 2018-02-03 15:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6594
 https://github.com/TElgamal/attack-on-pycrypto-elgamal
 https://ubuntu.com/security/notices/USN-3616-1
 https://ubuntu.com/security/notices/USN-3616-2
Description:
 lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak
 ElGamal key parameters, which allows attackers to obtain sensitive
 information by reading ciphertext data (i.e., it does not have semantic
 security in face of a ciphertext-only attack). The Decisional
 Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal
 implementation.
Ubuntu-Description:
Notes:
Bugs:
 https://github.com/dlitz/pycrypto/issues/253
 https://github.com/Legrandin/pycryptodome/issues/90
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889999 (python-crypto)
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889998 (pycryptodome)
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [7.5 HIGH]

Patches_python-crypto:
 other: https://github.com/pghmcfc/pycrypto/commit/2f6c124e127b5dd98723e7e75a9825c4ed8bd5c7
upstream_python-crypto: needs-triage
precise/esm_python-crypto: released (2.4.1-1ubuntu0.3)
trusty_python-crypto: released (2.6.1-4ubuntu0.3)
trusty/esm_python-crypto: released (2.6.1-4ubuntu0.3)
xenial_python-crypto: released (2.6.1-6ubuntu0.16.04.3)
esm-infra/xenial_python-crypto: released (2.6.1-6ubuntu0.16.04.3)
artful_python-crypto: released (2.6.1-7ubuntu0.1)
bionic_python-crypto: released (2.6.1-8ubuntu2)
devel_python-crypto: released (2.6.1-8ubuntu2)

Patches_pycryptodome:
 upstream: https://github.com/Legrandin/pycryptodome/commit/99c27a3b9e8a884bbde0e88c63234b669d4398d8
upstream_pycryptodome: needs-triage
precise/esm_pycryptodome: DNE
trusty_pycryptodome: DNE
trusty/esm_pycryptodome: DNE
xenial_pycryptodome: DNE
artful_pycryptodome: ignored (reached end-of-life)
bionic_pycryptodome: released (3.4.7-1ubuntu1)
devel_pycryptodome: released (3.4.7-1ubuntu1)