
Fedora 40: Urgent Notice on KeePassXC Entropy Vulnerability Details

fedora
June 5, 2024
Urgent patch release for KeePassXC on Fedora 40 tackling a PRNG security issue. Update now to ensure improved protection.
Qt 5.15.14 bugfix update

Summary

KeePassXC is a community fork of KeePassX.

KeePassXC is an application for people with extremely high demands on secure personal data management.

KeePassXC saves many different kinds of information, e.g. user names, passwords, URLs, attachments and comments, in one single database. For better management, user-defined titles and icons can be specified for each entry. Furthermore, the entries are sorted in groups, which are customizable as well. The integrated search function allows searching in a single group or the complete database.

KeePassXC offers a little utility for secure password generation. The password generator is very customizable, fast and easy to use. Especially someone who generates passwords frequently will appreciate this feature.

The complete database is always encrypted with either the AES (alias Rijndael) or the Twofish encryption algorithm using a 256-bit key. Therefore the saved information can be considered quite safe.

Update Information:

Qt 5.15.14 bugfix update. Fix CVE-2024-36048

Change Log

* Thu May 30 2024 Jan Grulich - 2.7.8-2 - Rebuild (qt5)

References


[ 1 ] Bug #2282866 - CVE-2024-36048 qt5-qtnetworkauth: qtnetworkauth: badly seeded PRNG may result in guessable values [epel-8]
      https://bugzilla.redhat.com/show_bug.cgi?id=2282866

[ 2 ] Bug #2282867 - CVE-2024-36048 qt5-qtnetworkauth: qtnetworkauth: badly seeded PRNG may result in guessable values [fedora-39]
      https://bugzilla.redhat.com/show_bug.cgi?id=2282867

[ 3 ] Bug #2282869 - CVE-2024-36048 qt5-qtnetworkauth: qtnetworkauth: badly seeded PRNG may result in guessable values [fedora-40]
      https://bugzilla.redhat.com/show_bug.cgi?id=2282869

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-2e27372d4c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical

Name: keepassxc
Product: Fedora 40
Version: 2.7.8
Release: 2.fc40
Summary: Cross-platform password manager
