Explore top 10 tips to secure your open-source projects now. Read More
×
This update, to the current upstream release, addresses a cryptographic flaw (modulo bias) in key generation that could lead to private key compromise (CVE-2026-14570) .. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-fcfc08d46c 2026-07-12 01:10:38.798612+00:00 -------------------------------------------------------------------------------- Name : perl-Crypt-DSA Product : Fedora 44 Version : 1.22 Release : 1.fc44 URL : https://metacpan.org/release/Crypt-DSA Summary : Perl module for DSA signatures and key generation Description : Crypt::DSA is an implementation of the DSA (Digital Signature Algorithm) signature verification system. This package provides DSA signing, signature verification, and key generation. DSA (Digital Signature Algorithm) signatures are no longer considered to be adequate for security. This module should only be used for verifying old signatures and should not be used for new signatures. That being said, some technologies still require DSA signatures even now. Consider using other solutions or explicitly not using DSA signatures. Crypt-DSA-GMP is a possible replacement. -------------------------------------------------------------------------------- Update Information: This update, to the current upstream release, addresses a cryptographic flaw (modulo bias) in key generation that could lead to private key compromise (CVE-2026-14570) . -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 3 2026 Paul Howarth - 1.22-1 - Update to 1.22 - Hardening: Use a fresh, independent CSPRNG witness every round - Security fix: Modulo bias in key generation (CVE-2026-14570); an attack with hundreds of signatures could lead to full private-key compromise; keys should be considered compromised and new keys should be generated * Fri Jun 19 2026 Yaakov Selkowitz - 1.21-2 - Rebuilt for OpenSSL4.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2497529 - CVE-2026-14570 perl-Crypt-DSA: Crypt::DSA: Private key recovery due to biased random number generation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2497529 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-fcfc08d46c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Get the latest Linux and open source security news straight to your inbox.