Advisories » MGASA-2018-0171

Updated python-pycrypto packages fix security vulnerability

Publication date: 19 Mar 2018
Modification date: 19 Mar 2018
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2018-6594

Description

The textbook ElGamal implementation is not secure. PyCrypto and some
other implementations use the wrong algorithm, which may lead to some
information disclosure simply by looking at the encrypted text. For a
full description, see https://github.com/dlitz/pycrypto/issues/253
This update includes a fix for this problem backported from pycryptodome.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=22693
• https://github.com/TElgamal/attack-on-pycrypto-elgamal
• https://github.com/Legrandin/pycryptodome/issues/90
• https://github.com/dlitz/pycrypto/issues/253
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6594

SRPMS

6/core

• python-pycrypto-2.6.1-9.1.mga6

5/core

• python-pycrypto-2.6.1-6.2.mga5