CVE-2018-6594

Priority
Medium
Description
lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak
ElGamal key parameters, which allows attackers to obtain sensitive
information by reading ciphertext data (i.e., it does not have semantic
security in face of a ciphertext-only attack). The Decisional
Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal
implementation.
References
Bugs
Assigned-to
mdeslaur
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):released (2.4.1-1ubuntu0.3)
Ubuntu 14.04 LTS (Trusty Tahr):released (2.6.1-4ubuntu0.3)
Ubuntu 16.04 LTS (Xenial Xerus):released (2.6.1-6ubuntu0.16.04.3)
Ubuntu 17.10 (Artful Aardvark):released (2.6.1-7ubuntu0.1)
Ubuntu 18.04 LTS (Bionic Beaver):released (2.6.1-8ubuntu2)
Patches:
Other:https://github.com/pghmcfc/pycrypto/commit/2f6c124e127b5dd98723e7e75a9825c4ed8bd5c7
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 17.10 (Artful Aardvark):needed
Ubuntu 18.04 LTS (Bionic Beaver):released (3.4.7-1ubuntu1)
Patches:
Upstream:https://github.com/Legrandin/pycryptodome/commit/99c27a3b9e8a884bbde0e88c63234b669d4398d8
More Information

Updated: 2018-04-09 16:14:17 UTC (commit 14521)