Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 441
Alerts This Week
Warning Icon 1 441

Fedora 44 perl-Crypt-DSA Important Key Flaw CVE-2026-14570

fedora
Calendar Grey July 11, 2026
Dist Fedora Esm H88
This Fedora advisory addresses a critical flaw in perl-Crypt-DSA affecting key generation, leading to potential private key compromise.
This update, to the current upstream release, addresses a cryptographic flaw (modulo bias) in key generation that could lead to private key compromise (CVE-2026-14570) .

Summary

Crypt::DSA is an implementation of the DSA (Digital Signature Algorithm)

signature verification system. This package provides DSA signing, signature

verification, and key generation.

DSA (Digital Signature Algorithm) signatures are no longer considered to be

adequate for security. This module should only be used for verifying old

signatures and should not be used for new signatures. That being said, some

technologies still require DSA signatures even now. Consider using other

solutions or explicitly not using DSA signatures. Crypt-DSA-GMP is a possible

replacement.

Update Information:

This update, to the current upstream release, addresses a cryptographic flaw (modulo bias) in key generation that could lead to private key compromise (CVE-2026-14570) .

Change Log

* Fri Jul 3 2026 Paul Howarth - 1.22-1 - Update to 1.22 - Hardening: Use a fresh, independent CSPRNG witness every round - Security fix: Modulo bias in key generation (CVE-2026-14570); an attack with hundreds of signatures could lead to full private-key compromise; keys should be considered compromised and new keys should be generated * Fri Jun 19 2026 Yaakov Selkowitz - 1.21-2 - Rebuilt for OpenSSL 4.0

References


[ 1 ] Bug #2497529 - CVE-2026-14570 perl-Crypt-DSA: Crypt::DSA: Private key recovery due to biased random number generation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2497529

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-fcfc08d46c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: perl-Crypt-DSA
Product: Fedora 44
Version: 1.22
Release: 1.fc44
Summary: Perl module for DSA signatures and key generation

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.