
Fedora 41 Addresses Critical CVE-2025-2814 Issue in perl-Crypt-CBC

August 6, 2025
Fedora 41 updates perl-Crypt-CBC to fix insecure random number generation (CVE-2025-2814).

Summary

This is Crypt::CBC, a Perl-only implementation of the cryptographic cipher block chaining mode (CBC). In combination with a block cipher such as Crypt::DES or Crypt::IDEA, you can encrypt and decrypt messages of arbitrarily long length. The encrypted messages are compatible with the encryption format used by SSLeay.

Update Information:

This update, to the current upstream release version, includes a fix to source random numbers using the Crypt::URandom module rather than trying to read /dev/urandom and falling back to Perl's insecure rand() function if /dev/urandom is not usable (CVE-2025-2814).
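
The fallback pattern described above, next to the fail-closed replacement, as an added Perl illustration. It is not Crypt::CBC's source code; the sub names and the missing device path are hypothetical, and it assumes the Crypt::URandom module from CPAN is installed.

```perl
#!/usr/bin/perl
# Added illustration, NOT Crypt::CBC source. Sub names are hypothetical.
use strict;
use warnings;
use Crypt::URandom qw(urandom);   # module named in the advisory

# Pattern the advisory describes as vulnerable: read /dev/urandom and,
# if that is not usable, silently fall back to Perl's rand().
sub random_bytes_with_fallback {
    my ($len, $device) = @_;
    $device //= '/dev/urandom';
    if (open my $fh, '<:raw', $device) {
        my $got = read($fh, my $buf, $len);
        close $fh;
        return $buf if defined $got && $got == $len;
    }
    # Insecure: rand() is a seedable PRNG, not a CSPRNG, and the caller
    # is never told that the fallback was taken.
    return join '', map { chr(int(rand(256))) } 1 .. $len;
}

# Hardened pattern: ask Crypt::URandom and let its exception propagate,
# so a missing entropy source stops the program instead of weakening IVs,
# salts or keys.
sub random_bytes_strict {
    my ($len) = @_;
    return urandom($len);
}

# Constructed scenario: a path that does not exist stands in for an
# environment where /dev/urandom is not usable.
my $missing = '/nonexistent/urandom';

# With the same seed, the fallback returns the same "random" bytes twice.
srand(1234);
my $iv_a = random_bytes_with_fallback(8, $missing);
srand(1234);
my $iv_b = random_bytes_with_fallback(8, $missing);

printf "fallback, run A: %s\n", unpack('H*', $iv_a);
printf "fallback, run B: %s\n", unpack('H*', $iv_b);
print  "fallback output repeats for a repeated seed\n" if $iv_a eq $iv_b;

printf "Crypt::URandom:  %s\n", unpack('H*', random_bytes_strict(8));
```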

Change Log

* Mon Jul 28 2025 Paul Howarth - 3.07-1
- Update to 3.07 (rhbz#2383870)
- New upstream maintainer
- Fix CVE-2025-2814 by using Crypt::URandom
- Fix decryption of ciphertext created with 'header' => 'randomiv'
- Fixed bug in which manually-specified key and -pkdf=>"none" was not having any effect
- Converted build process to Dist::Zilla
- Miscellaneous minor Dist::Zilla related changes
- Switch upstream source URL from cpan.metacpan.org to www.cpan.org to skip a redirect
- Package new LICENSE, SECURITY.md and vulnerabilities.txt files

* Fri Jul 25 2025 Fedora Release Engineering - 3.04-18
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild

* Sat Jan 18 2025 Fedora Release Engineering - 3.04-17
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild

References


[ 1 ] Bug #2359385 - CVE-2025-2814 perl-Crypt-CBC: Crypt::CBC versions between 1.21 and 3.04 for Perl may use insecure rand() function for cryptographic functions [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2359385

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-1d22f55c40' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity: critical

Name: perl-Crypt-CBC
Product: Fedora 41
Version: 3.07
Release: 1.fc41
Summary: Encrypt Data with Cipher Block Chaining Mode
