FEDORA-EPEL-2018-a3ae6e7571 created by pghmcfc 3 years ago for Fedora EPEL 7
unpushed

The textbook ElGamal implementation is not secure. PyCrypto and some other implementations use the wrong algorithm, which may lead to some information disclosure simply by looking at the encrypted text. For a full description, see https://github.com/dlitz/pycrypto/issues/253

This update includes a fix for this problem backported from pycryptodome.

This is CVE-2018-6594.

This update has been submitted for testing by pghmcfc.

3 years ago

This update has been pushed to testing.

3 years ago
User Icon tis commented & provided feedback 3 years ago
karma

This package is agains epel7 policy. python-crypto is on rhel7 extras. Actually exactly same NVR as this update.

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.

3 years ago

This update has been unpushed.


Please login to add feedback.

Metadata
Type
security
Severity
low
Karma
-1
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-1
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
3 years ago
in testing
3 years ago
BZ#1542313 CVE-2018-6594 python-crypto: Weak ElGamal key parameters in PublicKey/ElGamal.py allow attackers to obtain sensitive information by reading ciphertext
0
0
BZ#1542315 CVE-2018-6594 python-crypto: Weak ElGamal key parameters in PublicKey/ElGamal.py allow attackers to obtain sensitive information by reading ciphertext [epel-all]
0
0

Automated Test Results