Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

Fedora 41 perl-Data-Entropy 2025-8a7bd987fe warning: rand function insecure

fedora
Calendar Grey April 8, 2025
Dist Fedora Esm H88
The Perl module Data::Entropy has been upgraded in Fedora 41, leading to improved management of entropy sources to strengthen security measures.
Prior to version 0.008, the Perl module Data::Entropy relied on Perl's builtin rand function to choose an entropy source

Summary

This module maintains a concept of a current selection of entropy source.

Algorithms that require entropy, such as those in

Data::Entropy::Algorithms, can use the source nominated by this module,

avoiding the need for entropy source objects to be explicitly passed

around. This is convenient because usually one entropy source will be used

for an entire program run and so an explicit entropy source parameter would

rarely vary. There is also a default entropy source, avoiding the need to

explicitly configure a source at all.

Update Information:

Prior to version 0.008, the Perl module Data::Entropy relied on Perl's builtin rand function to choose an entropy source. Version 0.008 does away with this need.

Topics%20covered

Topics Covered

security advisory software update Fedora perl threat management entropy

Change Log

* Sun Mar 30 2025 Emmanuel Seyman - 0.008-1 - Update to 0.008, with new maintainer (#2355612) * Sat Jan 18 2025 Fedora Release Engineering - 0.007-27 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild * Mon Aug 5 2024 Miroslav Suchý - 0.007-26 - convert license to SPDX

References


[ 1 ] Bug #2355612 - perl-Data-Entropy-0.008 is available https://bugzilla.redhat.com/show_bug.cgi?id=2355612 [ 2 ] Bug #2355706 - CVE-2025-1860 perl-Data-Entropy: Data::Entropy for Perl uses insecure rand() function for cryptographic functions [epel-8] https://bugzilla.redhat.com/show_bug.cgi?id=2355706 [ 3 ] Bug #2355707 - CVE-2025-1860 perl-Data-Entropy: Data::Entropy for Perl uses insecure rand() function for cryptographic functions [epel-9] https://bugzilla.redhat.com/show_bug.cgi?id=2355707 [ 4 ] Bug #2355708 - CVE-2025-1860 perl-Data-Entropy: Data::Entropy for Perl uses insecure rand() function for cryptographic functions [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2355708 [ 5 ] Bug #2355709 - CVE-2025-1860 perl-Data-Entropy: Data::Entropy for Perl uses insecure rand() function for cryptographic functions [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2355709

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-8a7bd987fe' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: perl-Data-Entropy
Product: Fedora 41
Version: 0.008
Release: 1.fc41
URL: https://metacpan.org/dist/Data-Entropy
Summary: Entropy (randomness) management

Topics%20covered

Topics Covered

security advisory software update Fedora perl threat management entropy

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here