Debian Security Advisory
DLA-1283-1 python-crypto -- LTS security update
- Date Reported:
- 15 Feb 2018
- Affected Packages:
- python-crypto
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 889999.
In Mitre's CVE dictionary: CVE-2018-6594. - More information:
-
python-crypto generated weak ElGamal key parameters, which allowed attackers to obtain sensitive information by reading ciphertext data (i.e., it did not have semantic security in face of a ciphertext-only attack).
For Debian 7
Wheezy
, these problems have been fixed in version 2.6-4+deb7u8.We recommend that you upgrade your python-crypto packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS