Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Fedora 44 perl-Crypt-ScryptKDF Critical Security Issue CVE-2026-8647

fedora
Calendar Grey July 4, 2026
Dist Fedora Esm H88
An important security update for Perl-Crypt-ScryptKDF in Fedora 44 addresses an insecure random number source issue.
perl-Crypt-ScryptKDF: 0.011 release

Summary

Scrypt is a password-based key derivation function (like for example

PBKDF2). Scrypt was designed to be "memory-hard" algorithm in order to make

it expensive to perform large scale custom hardware attacks.

Update Information:

perl-Crypt-ScryptKDF: 0.011 release

Change Log

* Fri Jun 26 2026 Denis Fateyev - 0.011-1 - Update to 0.011 version

References


[ 1 ] Bug #2478137 - perl-Crypt-ScryptKDF-0.011 is available https://bugzilla.redhat.com/show_bug.cgi?id=2478137 [ 2 ] Bug #2484583 - CVE-2026-8647 perl-Crypt-ScryptKDF: Crypt::ScryptKDF for Perl uses insecure random number source when no CSPRNG module is available [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2484583 [ 3 ] Bug #2484584 - CVE-2026-8647 perl-Crypt-ScryptKDF: Crypt::ScryptKDF for Perl uses insecure random number source when no CSPRNG module is available [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2484584

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-b244acadbe' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: perl-Crypt-ScryptKDF
Product: Fedora 44
Version: 0.011
Release: 1.fc44
Summary: Scrypt password based key derivation function

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here