Source: python-cryptography Version: 46.0.1-1 Severity: important Tags: security upstream X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi, The following vulnerability was published for python-cryptography. CVE-2026-26007[0]: | cryptography is a package designed to expose cryptographic | primitives and recipes to Python developers. Prior to 46.0.5, the | public_key_from_numbers (or | EllipticCurvePublicNumbers.public_key()), | EllipticCurvePublicNumbers.public_key(), load_der_public_key() and | load_pem_public_key() functions do not verify that the point belongs | to the expected prime-order subgroup of the curve. This missing | validation allows an attacker to provide a public key point P from a | small-order subgroup. This can lead to security issues in various | situations, such as the most commonly used signature verification | (ECDSA) and shared key negotiation (ECDH). When the victim computes | the shared secret as S = [victim_private_key]P via ECDH, this leaks | information about victim_private_key mod (small_subgroup_order). For | curves with cofactor > 1, this reveals the least significant bits of | the private key. When these weak public keys are used in ECDSA , | it's easy to forge signatures on the small subgroup. Only SECT | curves are impacted by this. This vulnerability is fixed in 46.0.5. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2026-26007 https://www.cve.org/CVERecord?id=CVE-2026-26007 [1] https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2 [2] https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c Please adjust the affected versions in the BTS as needed. Regards, Salvatore
