Fedora 42: perl-Data-Entropy 0.008 security advisory for better randomness
fedora
April 11, 2025
Prior to version 0.008, the Perl module Data::Entropy relied on Perl's builtin rand function to choose an entropy source
Summary
This module maintains a concept of a current selection of entropy source.
Algorithms that require entropy, such as those in
Data::Entropy::Algorithms, can use the source nominated by this module,
avoiding the need for entropy source objects to be explicitly passed
around. This is convenient because usually one entropy source will be used
for an entire program run and so an explicit entropy source parameter would
rarely vary. There is also a default entropy source, avoiding the need to
explicitly configure a source at all.
Update Information:
Prior to version 0.008, the Perl module Data::Entropy relied on Perl's builtin rand function to choose an entropy source. Version 0.008 does away with this need.
Change Log
* Sun Mar 30 2025 Emmanuel Seyman
References
[ 1 ] Bug #2355612 - perl-Data-Entropy-0.008 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2355612
[ 2 ] Bug #2355706 - CVE-2025-1860 perl-Data-Entropy: Data::Entropy for Perl uses insecure rand() function for cryptographic functions [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2355706
[ 3 ] Bug #2355707 - CVE-2025-1860 perl-Data-Entropy: Data::Entropy for Perl uses insecure rand() function for cryptographic functions [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2355707
[ 4 ] Bug #2355708 - CVE-2025-1860 perl-Data-Entropy: Data::Entropy for Perl uses insecure rand() function for cryptographic functions [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2355708
[ 5 ] Bug #2355709 - CVE-2025-1860 perl-Data-Entropy: Data::Entropy for Perl uses insecure rand() function for cryptographic functions [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2355709
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-76dbde76fe' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Name: perl-Data-Entropy
Product: Fedora 42
Version: 0.008
Release: 1.fc42
Summary: Entropy (randomness) management
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!