Mageia alert MGASA-2018-0171 (python-pycrypto) [LWN.net]


From:
    	       Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	       updates-announce@ml.mageia.org 
Subject:
    	       [updates-announce] MGASA-2018-0171: Updated python-pycrypto packages fix security vulnerability 
Date:
    	       Mon, 19 Mar 2018 13:13:55 +0100
Message-ID:
    	       <20180319121355.AA8449FB11@duvel.mageia.org>
MGASA-2018-0171 - Updated python-pycrypto packages fix security vulnerability

Publication date: 19 Mar 2018
URL: https://advisories.mageia.org/MGASA-2018-0171.html
Type: security
Affected Mageia releases: 5, 6
CVE: CVE-2018-6594

Description:
The textbook ElGamal implementation is not secure. PyCrypto and some
other implementations use the wrong algorithm, which may lead to some
information disclosure simply by looking at the encrypted text. For a
full description, see https://github.com/dlitz/pycrypto/issues/253
This update includes a fix for this problem backported from pycryptodome.

References:
- https://bugs.mageia.org/show_bug.cgi?id=22693
- https://github.com/TElgamal/attack-on-pycrypto-elgamal
- https://github.com/Legrandin/pycryptodome/issues/90
- https://github.com/dlitz/pycrypto/issues/253
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6594

SRPMS:
- 5/core/python-pycrypto-2.6.1-6.2.mga5
- 6/core/python-pycrypto-2.6.1-9.1.mga6

From:		Mageia Updates <buildsystem-daemon@mageia.org>
To:		updates-announce@ml.mageia.org
Subject:		[updates-announce] MGASA-2018-0171: Updated python-pycrypto packages fix security vulnerability
Date:		Mon, 19 Mar 2018 13:13:55 +0100
Message-ID:		<20180319121355.AA8449FB11@duvel.mageia.org>