Bug 22693 - python-pycrypto new security issue CVE-2018-6594
Summary: python-pycrypto new security issue CVE-2018-6594
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 6
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA5TOO MGA5-32-OK MGA6-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2018-03-03 19:03 CET by David Walser
Modified: 2018-03-19 13:14 CET (History)
5 users (show)

See Also:
Source RPM: python-pycrypto-2.6.1-10.mga7.src.rpm
CVE: CVE-2018-6594
Status comment: Patch available from Fedora


Attachments
PoC for pycrypto, Python script (1.33 KB, text/plain)
2018-03-18 16:12 CET, Lewis Smith
Details
python 2 and 3 compatible script (1.46 KB, text/plain)
2018-03-19 11:11 CET, Philippe Makowski
Details

Description David Walser 2018-03-03 19:03:42 CET
Fedora has issued an advisory on February 27:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/L45T52H3PPPVZFVN4UUTGD7G2VZBQOHB/

Mageia 5 and Mageia 6 are also affected.
David Walser 2018-03-03 19:04:06 CET

Whiteboard: (none) => MGA6TOO

Comment 1 Marja Van Waes 2018-03-03 20:04:11 CET
Assigning to the Python stack maintainers, CC'ing the registered maintainer.

Assignee: bugsquad => python
CC: (none) => makowski.mageia, marja11

Comment 2 Stig-Ørjan Smelror 2018-03-07 13:16:02 CET
Hi.

Since we have python-pycryptodome available and because it looks like python-pycrypto is hardly maintained, why don't we just obsolete the latter, rebuild everything using pycryptodome and in return "fix" the security issues?

Cheers,
Stig

CC: (none) => smelror

Comment 3 Philippe Makowski 2018-03-08 10:15:07 CET
(In reply to Stig-Ørjan Smelror from comment #2)
> Since we have python-pycryptodome available and because it looks like
> python-pycrypto is hardly maintained, why don't we just obsolete the latter,
> rebuild everything using pycryptodome and in return "fix" the security
> issues?
For Cauldron why not, but we still need to fix Mageia 5 and Mageia 6
David Walser 2018-03-11 16:10:44 CET

Status comment: (none) => Patch available from Fedora

Comment 4 Philippe Makowski 2018-03-13 14:57:05 CET
Updated python-pycrypto in cauldron, mga6 and mga5.

Fix CVE-2018-6594

The textbook ElGamal implementation is not secure. PyCrypto and some other implementations use the wrong algorithm, which may lead to some information disclosure simply by looking at the encrypted text. For a full description, see https://github.com/dlitz/pycrypto/issues/253 This update includes a fix for this problem backported from pycryptodome.

ref :
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6594
https://github.com/TElgamal/attack-on-pycrypto-elgamal
https://github.com/Legrandin/pycryptodome/issues/90
https://github.com/dlitz/pycrypto/issues/253 

Updated packages :

python3-pycrypto-2.6.1-9.1.mga6.x86_64 
python-pycrypto-2.6.1-9.1.mga6.x86_64
python3-pycrypto-2.6.1-9.1.mga6.i586
python-pycrypto-2.6.1-9.1.mga6.i586
from python-pycrypto-2.6.1-9.1.mga6.src

python3-pycrypto-2.6.1-6.2.mga5.x86_64 
python-pycrypto-2.6.1-6.2.mga5.x86_64
python3-pycrypto-2.6.1-6.2.mga5.i586
python-pycrypto-2.6.1-6.2.mga5.i586
from python-pycrypto-2.6.1-6.2.mga5.src

Status: NEW => ASSIGNED
CVE: (none) => CVE-2018-6594
Assignee: python => qa-bugs

claire robinson 2018-03-14 14:45:00 CET

Whiteboard: MGA6TOO => (none)
Version: Cauldron => 6

claire robinson 2018-03-14 14:46:02 CET

Whiteboard: (none) => MGA5TOO

Comment 5 Herman Viaene 2018-03-15 09:48:17 CET
MGA5-32 on Dell Latitude D600 Xfce
No installation issues.
Used random output test as per bug 20031. Performs OK, after renaming the downloaded script (the two attachments of this bug come as attachment.cgi, I guess that was not their name when they were uploaded).

CC: (none) => herman.viaene
Whiteboard: MGA5TOO => MGA5TOO MGA5-32-OK

Lewis Smith 2018-03-17 20:32:03 CET

Keywords: (none) => advisory

Comment 6 Lewis Smith 2018-03-18 16:01:20 CET
Testing Mageia 6 x64 real h/w

BEFORE update:
 python-pycrypto-2.6.1-9.mga6
 python3-pycrypto-2.6.1-9.mga6

Downloaded from https://bugs.mageia.org/show_bug.cgi?id=20031#c3
the small test:
 https://bugs.mageia.org/attachment.cgi?id=8841
No need to make it executable.
 $ python cryptoRandom.py
[u'090e8a5f7f110bf8,925c0d0a9834899a',
 u'1f65987d2637b703,400f3ed3c5a5035e',
 u'cbffb9906731bd83,a9bcd1b511466ffa',
 u'd9a5c5c856e6cac1,f6dd0b89b9969eca']
$ python3 cryptoRandom.py
 Similar random output.

I found a PoC at:
 https://bugs.mageia.org/show_bug.cgi?id=20031#c3
[you can select the program without the line numbers - easy]
which worked for Python:
 $ python attack-pycrypto.py 
 Running experiment...
 Number of times adversary was wrong: 0
but NOT for Python3, throwing syntax errors.

@Philippe : do you know enough Python to correct those for Python3 so at least it runs? If so, please attach the result to this bug. It will help for future Python tests.

AFTER update:
- python-pycrypto-2.6.1-9.1.mga6.x86_64
- python3-pycrypto-2.6.1-9.1.mga6.x86_64

 $ python cryptoRandom.py
 $ python3 cryptoRandom.py
both gave 4 lines of random O/P as shown above.

 $ python attack-pycrypto.py
 Running experiment...
 Number of times adversary was wrong: 0
Same as before; sad. However, I will attach the script because it is better than nothing. (Still no good for Python3). OKing & validating.

Whiteboard: MGA5TOO MGA5-32-OK => MGA5TOO MGA5-32-OK MGA6-64-OK
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 7 Lewis Smith 2018-03-18 16:08:33 CET
Aaargh!
The link to the PoC in the previous comment was wrongly pasted. It is:
 https://github.com/TElgamal/attack-on-pycrypto-elgamal/blob/master/attack-pycrypto.py
Comment 8 Lewis Smith 2018-03-18 16:12:44 CET
Created attachment 10054 [details]
PoC for pycrypto, Python script

A script supposed to demonstrate a pycrypto security weakness. It ONLY runs for Python, *not* Python3 due to syntax differences.
 $ python attack-pycrypto.py
 Running experiment...
 Number of times adversary was wrong: 0
Comment 9 Philippe Makowski 2018-03-19 11:11:39 CET
Created attachment 10058 [details]
python 2 and 3 compatible script

(In reply to Lewis Smith from comment #8)
here a version that can be run under Python2 and Python3

but I don't really understand this "POC"
here what I get under Mageia Cauldron and under Fedora
$ python3 attack-pycrypto.py
Running experiment...
Number of times adversary was wrong: 464
$ python3 attack-pycrypto.py
Running experiment...
Number of times adversary was wrong: 524
$ python2 attack-pycrypto.py
Running experiment...
Number of times adversary was wrong: 0
$ python2 attack-pycrypto.py
Running experiment...
Number of times adversary was wrong: 0
Comment 10 Mageia Robot 2018-03-19 13:14:16 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0171.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED


Note You need to log in before you can comment on or make changes to this bug.