Security
Security
A flaw in PyCrypto allow remote attackers to obtain sensitive information.
| Package | dev-python/pycrypto on all architectures |
|---|---|
| Affected versions | <= 2.6.1-r2 |
| Unaffected versions |
PyCrypto is the Python Cryptography Toolkit.
It was discovered that PyCrypto incorrectly generated ElGamal key parameters.
Attackers may be able to obtain sensitive information by reading ciphertext data.
There is no known workaround at this time.
Gentoo has discontinued support for PyCrypto. We recommend that users unmerge PyCrypto:
# emerge --unmerge “dev-python/pycrypto”
NOTE: The Gentoo developer(s) maintaining PyCrypto have discontinued support at this time. PyCryptodome is the canonical successor to PyCrypto.
Release date
July 31, 2020
Latest revision
July 31, 2020: 1
Severity
normal
Exploitable
remote
Bugzilla entries