Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2018-6594

lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal implementation.

Related bugs and status

CVE-2018-6594 (Candidate) is related to these bugs:

Bug #1748572: [MIR] pysmi, pycryptodome

Summary				In	Importance	Status
	1748572	[MIR] pysmi, pycryptodome		pysmi (Ubuntu)	High	Fix Released
	1748572	[MIR] pysmi, pycryptodome		pycryptodome (Ubuntu)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://github.com/TEl...
MISC: https://github.com/dli...
MLIST: [debian-lts-announce] ...
UBUNTU: USN-3616-1
UBUNTU: USN-3616-2
GENTOO: GLSA-202007-62