Fedora alert FEDORA-2026-ffe3625a50 (perl-Crypt-DSA)
| From: | updates--- via package-announce <package-announce@lists.fedoraproject.org> | |
| To: | package-announce@lists.fedoraproject.org | |
| Subject: | [SECURITY] Fedora 42 Update: perl-Crypt-DSA-1.20-1.fc42 | |
| Date: | Wed, 27 May 2026 01:12:35 +0000 | |
| Message-ID: | <20260527011235.3600C793A4@bastion01.rdu3.fedoraproject.org> | |
| Archive-link: | Article |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-ffe3625a50 2026-05-27 01:11:26.838895+00:00 -------------------------------------------------------------------------------- Name : perl-Crypt-DSA Product : Fedora 42 Version : 1.20 Release : 1.fc42 URL : https://metacpan.org/release/Crypt-DSA Summary : Perl module for DSA signatures and key generation Description : Crypt::DSA is an implementation of the DSA (Digital Signature Algorithm) signature verification system. This package provides DSA signing, signature verification, and key generation. DSA (Digital Signature Algorithm) signatures are no longer considered to be adequate for security. This module should only be used for verifying old signatures and should not be used for new signatures. That being said, some technologies still require DSA signatures even now. Consider using other solutions or explicitly not using DSA signatures. Crypt-DSA-GMP is a possible replacement. -------------------------------------------------------------------------------- Update Information: This update fixes a couple of security issues: Replace two arg open (CVE-2026-8704) Replace rand() with a cryptographically-secure source of random data for seed generation (CVE-2026-8700) -------------------------------------------------------------------------------- ChangeLog: * Mon May 18 2026 Paul Howarth <paul@city-fan.org> - 1.20-1 - Update to 1.20 - This module is now marked as deprecated: Crypt-DSA-GMP is a possible replacement - Improve the call to IPC::Open3::open3 - Replace two arg open (CVE-2026-8704) - Replace rand() (CVE-2026-8700) - Add a security policy - Add use warnings - Typo fix (CPAN RT#86424) * Sat Jan 17 2026 Fedora Release Engineering <releng@fedoraproject.org> - 1.19-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Fri Jul 25 2025 Fedora Release Engineering <releng@fedoraproject.org> - 1.19-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2479633 - CVE-2026-8700 perl-Crypt-DSA: perl-Crypt-DSA: Weakening of cryptographic security via predictable seed generation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2479633 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-ffe3625a50' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgr... All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-cond... List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-ann... Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new