lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack).
Created python-crypto tracking bugs for this issue:
Affects: epel-all [bug 1542315]
Affects: fedora-all [bug 1542314]
The Red Hat OpenStack packages that use functionality from the python-crypto libraries do not use the ElGamal functionality. Whilst the python-crypto code shipped is vulnerable, the vulnerable functionality is not used. Therefore, the Red Hat OpenStack python-crypto package will not be fixed at this stage.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):