[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1283-1] python-crypto security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : python-crypto
Version        : 2.6-4+deb7u8
CVE ID         : CVE-2018-6594
Debian Bug     : 889999


python-crypto generated weak ElGamal key parameters, which allowed attackers to
obtain sensitive information by reading ciphertext data (i.e., it did not have
semantic security in face of a ciphertext-only attack).

For Debian 7 "Wheezy", these problems have been fixed in version
2.6-4+deb7u8.

We recommend that you upgrade your python-crypto packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE1jZRJqkttWDGJ6ztF4RXf4EfbqwFAlqFOA4ACgkQF4RXf4Ef
bqymzg/+KGjsW0pGUiYyS1EfUDuLhi2vo+qu3REDOrmuP5nTlgmAgUFn3J5EL6ac
klJ7T3NtzM+JJvKeAiSK2HNFDfyIiMU6WCblK7TTYobEWW5OECtYujUbQzAZgYkL
nTvecYjlBj1/K+W6WwAxkkEPuQLh2uCIwqt2efNLJ9CH8zW7vBTKiv+zd3g3lJRI
wZEDh9D7xgYEOic+ADnvNaoXAJSgakaMm7j86JqUqZ201agpjbktGDblo6+nkp4G
B4Cfca8LlHnkS0zsnfr9Ea8gXxvdOoAmJb3GSlcxKSAHBswVeUuP1smR5+SkETpQ
dQ5NR3wuNMe3mhdDIumuAUYMs6g45eRgSMCR79pj4DA7/UycwJIb4FO8f8ZYu1kc
UrwouyDOMisOdpEeTzdBxPfFOG2qbBz8r51ZMeeO0ttF0Zgacp4P1jVuQAmSQ74L
k/CV1BuyyQaNor0h6lI9GahygGwo16pmZiW37Lfl7y2B2PV/IQkrBrjEVTsR3YqE
3hVK/ggP4iO/JQ6OK0kBH3lIQffqETZhoutI+2IIYW6KWHaT++LrfwABpTmg1NuZ
qS2EHHRakiIcdxwFMuz/AczI+1G7WtledW2o2gMhjGNgfEmnza+Cr/F9mRI4j/mx
cz0E2KxjRNXqYoy0rYJKVEqz34hvz28yYRZLMu1zht2UzTsWWqA=
=pHfV
-----END PGP SIGNATURE-----


Reply to: