freeipa team mailing list archive

Thread
Date

[Bug 1717356] Re: CVE-2016-6298

To: freeipa@xxxxxxxxxxxxxxxxxxx
From: Timo Aaltonen <tjaalton@xxxxxxxxxx>
Date: Wed, 07 Mar 2018 12:36:32 -0000
Reply-to: Bug 1717356 <1717356@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Also affects: python-jwcrypto (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Changed in: python-jwcrypto (Ubuntu Xenial)
     Assignee: (unassigned) => Brian Morton (rokclimb15)

** Changed in: python-jwcrypto (Ubuntu)
       Status: In Progress => Fix Released

** Changed in: python-jwcrypto (Ubuntu)
     Assignee: Brian Morton (rokclimb15) => (unassigned)

-- 
You received this bug notification because you are a member of FreeIPA,
which is subscribed to python-jwcrypto in Ubuntu.
https://bugs.launchpad.net/bugs/1717356

Title:
  CVE-2016-6298

Status in python-jwcrypto package in Ubuntu:
  Fix Released
Status in python-jwcrypto source package in Xenial:
  New

Bug description:
  The _Rsa15 class in the RSA 1.5 algorithm implementation in jwa.py in
  jwcrypto before 0.3.2 lacks the Random Filling protection mechanism,
  which makes it easier for remote attackers to obtain cleartext data
  via a Million Message Attack (MMA).

  https://people.canonical.com/~ubuntu-
  security/cve/2016/CVE-2016-6298.html

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python-jwcrypto/+bug/1717356/+subscriptions

References

[Bug 1717356] [NEW] CVE-2016-6298
From: Brian Morton, 2017-09-14