CVE-2018-6594

Priority
Description
lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak
ElGamal key parameters, which allows attackers to obtain sensitive
information by reading ciphertext data (i.e., it does not have semantic
security in face of a ciphertext-only attack). The Decisional
Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal
implementation.
Assigned-to
mdeslaur
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):released (3.4.7-1ubuntu1)
Ubuntu 18.10 (Cosmic Cuttlefish):released (3.4.7-1ubuntu1)
Patches:
Upstream:https://github.com/Legrandin/pycryptodome/commit/99c27a3b9e8a884bbde0e88c63234b669d4398d8
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):released (2.4.1-1ubuntu0.3)
Ubuntu 14.04 LTS (Trusty Tahr):released (2.6.1-4ubuntu0.3)
Ubuntu 16.04 LTS (Xenial Xerus):released (2.6.1-6ubuntu0.16.04.3)
Ubuntu 18.04 LTS (Bionic Beaver):released (2.6.1-8ubuntu2)
Ubuntu 18.10 (Cosmic Cuttlefish):released (2.6.1-8ubuntu2)
Patches:
Other:https://github.com/pghmcfc/pycrypto/commit/2f6c124e127b5dd98723e7e75a9825c4ed8bd5c7
More Information

Updated: 2018-10-31 21:28:24 UTC (commit cfa7cf69d76449ccff972ac22f40976a08d908c2)