Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Fedora 44 perl-Crypt-PasswdMD5 Significant Cryptographic Salt Update

fedora
Calendar Grey June 1, 2026
Dist Fedora Esm H88
Fedora 44 updates perl-Crypt-PasswdMD5 to use stronger randomization, fixing salt weaknesses in cryptographic functions.
This update uses a cryptographically strong random number source rather than perl's rand() function to generate random salt values when required (CVE-2026-6659)

Summary

This package provides MD5-based crypt() functions.

Update Information:

This update uses a cryptographically strong random number source rather than perl's rand() function to generate random salt values when required (CVE-2026-6659)

Change Log

* Sat May 23 2026 Paul Howarth - 1.4.3-1 - Update to 1.43 - Replace use of the cryptographically weak rand() function with the much stronger Crypt::URandom::urandom() (GH#3, CVE-2026-6659, rhbz#2479575) - Add Encode, Exporter, ExtUtils::MakeMaker to Makefile.PL - Add files AI_POLICY.md and SECURITY.md

References


[ 1 ] Bug #2479575 - CVE-2026-6659 perl: Crypt::PasswdMD5: Weak cryptographic salts due to predictable random number generation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2479575 [ 2 ] Bug #2480988 - perl-Crypt-PasswdMD5-1.43 is available https://bugzilla.redhat.com/show_bug.cgi?id=2480988

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-30d86fe986' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: perl-Crypt-PasswdMD5
Product: Fedora 44
Version: 1.4.3
Release: 1.fc44
Summary: Provides interoperable MD5-based crypt() functions

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here