
Fedora 43 perl-Crypt-DSA Important Key Reuse Vulnerability CVE-2026-12205

fedora
June 23, 2026
This Fedora update addresses CVE-2026-12205, preventing key reuse in DSA signatures. Immediate action is recommended.

Summary

Crypt::DSA is an implementation of the DSA (Digital Signature Algorithm) signature verification system. This package provides DSA signing, signature verification, and key generation.

DSA (Digital Signature Algorithm) signatures are no longer considered to be adequate for security. This module should only be used for verifying old signatures and should not be used for new signatures. That being said, some technologies still require DSA signatures even now. Consider using other solutions or explicitly not using DSA signatures. Crypt-DSA-GMP is a possible replacement.

Update Information:

This update, to the current upstream release, prevents key material reuse for multiple signing events (CVE-2026-12205, CWE-323).

Change Log

* Mon Jun 15 2026 Paul Howarth - 1.21-1
- Update to 1.21
- Fixed key material reuse for multiple signing events (CVE-2026-12205, CWE-323)
- sign() reused the DSA nonce k across signatures (r and k^-1 were cached on the key and not regenerated), allowing private-key recovery from two signatures over different messages
- Now generates a fresh nonce per signature
- Keys used to sign more than once with an affected version should be considered compromised

* Fri Jun 12 2026 Yaakov Selkowitz - 1.20-2
- Rebuilt for openssl 4.0
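Because r depends only on the nonce k and the domain parameters, the reuse described in the change log is visible in stored signatures: one key showing the same r on different messages. The Python sketch below is an added example, not code from Crypt::DSA or the Fedora package; the toy parameters, the ToySigner model, its nonce hook, and the (key_id, message, r, s) record layout are assumptions made for illustration.

```python
import hashlib
import secrets
from collections import defaultdict

# Constructed toy DSA domain parameters (q divides p - 1); far too small for real use.
P, Q, G = 2039, 1019, 4

class ToySigner:
    """Model signer. cache_nonce=True mimics what the change log describes for
    affected versions: r and k^-1 stay cached on the key between signatures."""
    def __init__(self, x, cache_nonce, nonce=None):
        self.x, self.cache_nonce, self._cached = x, cache_nonce, None
        # Hypothetical hook so a test can supply nonces; the default is a CSPRNG.
        self._nonce = nonce or (lambda: secrets.randbelow(Q - 1) + 1)

    def sign(self, msg):
        h = int.from_bytes(hashlib.sha256(msg).digest(), "big")
        while True:
            if not (self.cache_nonce and self._cached):
                k = self._nonce()  # new nonce for this signature
                self._cached = (pow(G, k, P) % Q, pow(k, -1, Q))
            r, kinv = self._cached
            s = kinv * (h + self.x * r) % Q
            if r and s:
                return r, s
            self._cached = None  # degenerate r or s: draw again

def find_nonce_reuse(records):
    """records: (key_id, message, r, s) tuples. Returns {key_id: [r, ...]} for
    each r one key used on two or more distinct messages. Repeats of the same
    message are ignored, since deterministic-nonce signers produce them."""
    seen = defaultdict(set)
    for key_id, msg, r, _s in records:
        seen[(key_id, r)].add(hashlib.sha256(msg).digest())
    flagged = defaultdict(list)
    for (key_id, r), digests in seen.items():
        if len(digests) > 1:
            flagged[key_id].append(r)
    return dict(flagged)

def demo(nonce=None):
    """Sign three constructed messages with each model, then audit them."""
    msgs = [b"constructed message %d" % i for i in range(3)]
    records = []
    for key_id, cached in (("affected-model", True), ("fixed-model", False)):
        signer = ToySigner(x=777, cache_nonce=cached, nonce=nonce)
        records += [(key_id, m, *signer.sign(m)) for m in msgs]
    return find_nonce_reuse(records)

if __name__ == "__main__":
    print(demo())
```

With real signatures, feed find_nonce_reuse the r and s values decoded from each stored signature; any key it reports falls under the change log's "should be considered compromised" guidance.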

References


[1] Bug #2491340 - CVE-2026-12205 perl-Crypt-DSA: Crypt::DSA: Private-key recovery via nonce reuse across signatures [fedora-all]
    https://bugzilla.redhat.com/show_bug.cgi?id=2491340

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-5cf57e43e3' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important

Name: perl-Crypt-DSA
Product: Fedora 43
Version: 1.21
Release: 1.fc43
Summary: Perl module for DSA signatures and key generation
