freeipa team mailing list archive
-
freeipa team
-
Mailing list archive
-
Message #00486
[Bug 1717356] [NEW] CVE-2016-6298
*** This bug is a security vulnerability ***
Public security bug reported:
The _Rsa15 class in the RSA 1.5 algorithm implementation in jwa.py in
jwcrypto before 0.3.2 lacks the Random Filling protection mechanism,
which makes it easier for remote attackers to obtain cleartext data via
a Million Message Attack (MMA).
https://people.canonical.com/~ubuntu-
security/cve/2016/CVE-2016-6298.html
** Affects: python-jwcrypto (Ubuntu)
Importance: Undecided
Assignee: Brian Morton (rokclimb15)
Status: In Progress
** Information type changed from Private Security to Public Security
** Changed in: python-jwcrypto (Ubuntu)
Assignee: (unassigned) => Brian Morton (rokclimb15)
** Changed in: python-jwcrypto (Ubuntu)
Status: New => In Progress
** Description changed:
The _Rsa15 class in the RSA 1.5 algorithm implementation in jwa.py in
jwcrypto before 0.3.2 lacks the Random Filling protection mechanism, which
- makes it easier for remote attackers to obtain cleartext data via a Million
- Message Attack (MMA).
+ makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA).
https://people.canonical.com/~ubuntu-
security/cve/2016/CVE-2016-6298.html
** Description changed:
The _Rsa15 class in the RSA 1.5 algorithm implementation in jwa.py in
- jwcrypto before 0.3.2 lacks the Random Filling protection mechanism, which
- makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA).
+ jwcrypto before 0.3.2 lacks the Random Filling protection mechanism,
+ which makes it easier for remote attackers to obtain cleartext data via
+ a Million Message Attack (MMA).
https://people.canonical.com/~ubuntu-
security/cve/2016/CVE-2016-6298.html
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-6298
--
You received this bug notification because you are a member of FreeIPA,
which is subscribed to python-jwcrypto in Ubuntu.
https://bugs.launchpad.net/bugs/1717356
Title:
CVE-2016-6298
Status in python-jwcrypto package in Ubuntu:
In Progress
Bug description:
The _Rsa15 class in the RSA 1.5 algorithm implementation in jwa.py in
jwcrypto before 0.3.2 lacks the Random Filling protection mechanism,
which makes it easier for remote attackers to obtain cleartext data
via a Million Message Attack (MMA).
https://people.canonical.com/~ubuntu-
security/cve/2016/CVE-2016-6298.html
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python-jwcrypto/+bug/1717356/+subscriptions
Follow ups