Amazon Linux 2 Security Advisory: ALAS2ANSIBLE2-2025-012
Advisory Released Date: 2025-03-06
Advisory Updated Date: 2025-03-06
lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal implementation. (CVE-2018-6594)
Affected Packages:
python-crypto
Note:
This advisory is applicable to Amazon Linux 2 - Ansible2 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update python-crypto to update your system.
aarch64:
python2-crypto-2.6.1-13.amzn2.0.4.aarch64
python-crypto-debuginfo-2.6.1-13.amzn2.0.4.aarch64
i686:
python2-crypto-2.6.1-13.amzn2.0.4.i686
python-crypto-debuginfo-2.6.1-13.amzn2.0.4.i686
src:
python-crypto-2.6.1-13.amzn2.0.4.src
x86_64:
python2-crypto-2.6.1-13.amzn2.0.4.x86_64
python-crypto-debuginfo-2.6.1-13.amzn2.0.4.x86_64