This update uses a cryptographically strong random number source rather than perl's rand() function to generate random salt values when required (CVE-2026-6659).

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-96c8ae7dbe
2026-06-01 01:00:49.844238+00:00
--------------------------------------------------------------------------------

Name        : perl-Crypt-PasswdMD5
Product     : Fedora 43
Version     : 1.4.3
Release     : 1.fc43
URL         : https://metacpan.org/release/Crypt-PasswdMD5
Summary     : Provides interoperable MD5-based crypt() functions
Description :
This package provides MD5-based crypt() functions.
--------------------------------------------------------------------------------
Update Information:

This update uses a cryptographically strong random number source rather than perl's rand() function to generate random salt values when required (CVE-2026-6659)
--------------------------------------------------------------------------------
ChangeLog:

* Sat May 23 2026 Paul Howarth - 1.4.3-1
- Update to 1.43
- Replace use of the cryptographically weak rand() function with the much stronger Crypt::URandom::urandom() (GH#3, CVE-2026-6659, rhbz#2479575)
- Add Encode, Exporter, ExtUtils::MakeMaker to Makefile.PL
- Add files AI_POLICY.md and SECURITY.md
* Sat Jan 17 2026 Fedora Release Engineering - 1.4.2-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2479575 - CVE-2026-6659 perl: Crypt::PasswdMD5: Weak cryptographic salts due to predictable random number generation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2479575
[ 2 ] Bug #2480988 - perl-Crypt-PasswdMD5-1.43 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2480988
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-96c8ae7dbe'
at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys
--------------------------------------------------------------------------------
package-announce mailing list
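The change this update describes, shown as an added illustration that is not code from the Crypt::PasswdMD5 project or the Fedora package: salt characters drawn from Crypt::URandom::urandom() instead of rand(), over the 64-character alphabet that unix_md5_crypt() uses. It assumes Crypt::URandom and Crypt::PasswdMD5 are installed; the helper names (weak_salt, strong_salt, salt_ok) are mine.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Crypt::URandom qw(urandom);           # CSPRNG bytes from /dev/urandom or the OS equivalent
use Crypt::PasswdMD5 qw(unix_md5_crypt);

# The 64-character salt alphabet used by MD5-crypt ("./0-9A-Za-z").
my @ITOA64 = ( '.', '/', 0 .. 9, 'A' .. 'Z', 'a' .. 'z' );

# Weak (the pre-1.43 behaviour the update replaces): Perl's rand() is a
# non-cryptographic PRNG seeded from a small state, so salts are guessable.
sub weak_salt {
    my ($len) = @_;
    return join '', map { $ITOA64[ int rand 64 ] } 1 .. $len;
}

# Strong: one urandom byte per salt character. 256 is a multiple of 64,
# so "& 63" maps each byte onto the alphabet without modulo bias.
sub strong_salt {
    my ($len) = @_;
    my @bytes = unpack 'C*', urandom($len);
    return join '', map { $ITOA64[ $_ & 63 ] } @bytes;
}

# Defensive check before use: exactly 8 characters, all from the alphabet.
sub salt_ok {
    my ($salt) = @_;
    return $salt =~ m{\A[./0-9A-Za-z]{8}\z} ? 1 : 0;
}

my $salt = strong_salt(8);
die "unexpected salt format\n" unless salt_ok($salt);

# Pass the salt explicitly so the hash does not depend on the module's own
# salt generator (older releases would have used rand() here).
my $hash = unix_md5_crypt( 'correct horse battery staple', $salt );

# Verification later: re-hash with the salt embedded in the stored value ($1$<salt>$...).
my ($stored_salt) = $hash =~ m{\A\$1\$([^\$]+)\$};
my $again = unix_md5_crypt( 'correct horse battery staple', $stored_salt );
print $hash eq $again ? "verified\n" : "mismatch\n";
```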
rclone uses weak random number generation such that generated passwords can be easily cracked.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory                  GLSA 202107-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: rclone: Weak random number generation
      Date: July 08, 2021
      Bugs: #755638
        ID: 202107-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

rclone uses weak random number generation such that generated passwords can be easily cracked.

Background
==========

rclone is a program to sync files to and from various cloud storage providers.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-misc/rclone              < 1.53.3                  >= 1.53.3

Description
===========

Passwords generated with rclone were insecurely generated and are vulnerable to brute force attacks.

Impact
======

Data kept secret with a password generated by rclone may be disclosed to a local attacker.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All rclone users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-misc/rclone-1.53.3"

References
==========

[ 1 ] CVE-2020-28924
      https://nvd.nist.gov/vuln/detail/CVE-2020-28924

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  https://security.gentoo.org/glsa/202107-14

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
Libgcrypt incorrectly generated random numbers.

=========================================================================
Ubuntu Security Notice USN-3065-1
August 18, 2016

libgcrypt11, libgcrypt20 vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

Libgcrypt incorrectly generated random numbers.

Software Description:
- libgcrypt20: LGPL Crypto library
- libgcrypt11: LGPL Crypto library

Details:

Felix Dörre and Vladimir Klebanov discovered that Libgcrypt incorrectly handled mixing functions in the random number generator. An attacker able to obtain 4640 bits from the RNG can trivially predict the next 160 bits of output.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS:
  libgcrypt20                     1.6.5-2ubuntu0.2

Ubuntu 14.04 LTS:
  libgcrypt11                     1.5.3-2ubuntu4.4

Ubuntu 12.04 LTS:
  libgcrypt11                     1.5.0-3ubuntu0.6

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-3065-1
  CVE-2016-6313

Package Information:
  https://launchpad.net/ubuntu/+source/libgcrypt20/1.6.5-2ubuntu0.2
  https://launchpad.net/ubuntu/+source/libgcrypt11/1.5.3-2ubuntu4.4
  https://launchpad.net/ubuntu/+source/libgcrypt11/1.5.0-3ubuntu0.6

Severity: Critical. LinuxSecurity.com Team
GnuPG incorrectly generated random numbers.

=========================================================================
Ubuntu Security Notice USN-3064-1
August 18, 2016

gnupg vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

GnuPG incorrectly generated random numbers.

Software Description:
- gnupg: GNU privacy guard - a free PGP replacement

Details:

Felix Dörre and Vladimir Klebanov discovered that GnuPG incorrectly handled mixing functions in the random number generator. An attacker able to obtain 4640 bits from the RNG can trivially predict the next 160 bits of output.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS:
  gnupg                           1.4.20-1ubuntu3.1

Ubuntu 14.04 LTS:
  gnupg                           1.4.16-1ubuntu2.4

Ubuntu 12.04 LTS:
  gnupg                           1.4.11-3ubuntu2.10

In general, a standard system update will make all the necessary changes.

References:
  CVE-2016-6313

Package Information:
  https://launchpad.net/ubuntu/+source/gnupg/1.4.20-1ubuntu3.1
  https://launchpad.net/ubuntu/+source/gnupg/1.4.16-1ubuntu2.4
  https://launchpad.net/ubuntu/+source/gnupg/1.4.11-3ubuntu2.10

Severity: Important. LinuxSecurity.com Team
The ISC BIND random number generator uses a weak algorithm, making it easier to guess the next query ID and perform a DNS cache poisoning attack.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory                  GLSA 200708-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: BIND: Weak random number generation
      Date: August 18, 2007
      Bugs: #186556
        ID: 200708-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

The ISC BIND random number generator uses a weak algorithm, making it easier to guess the next query ID and perform a DNS cache poisoning attack.

Background
==========

ISC BIND is the Internet Systems Consortium implementation of the Domain Name System (DNS) protocol.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-dns/bind                 < 9.4.1_p1                >= 9.4.1_p1

Description
===========

Amit Klein from Trusteer reported that the random number generator of ISC BIND leads, half the time, to predictable (1 chance to 8) query IDs in the resolver routine or in zone transfer queries (CVE-2007-2926). Additionally, the default configuration file has been strengthened with respect to the allow-recursion{} and the allow-query{} options (CVE-2007-2925).

Impact
======

A remote attacker can use this weakness by sending queries for a domain he handles to a resolver (directly to a recursive server, or through another process such as email processing) and then observing the resulting IDs of the iterative queries. The attacker will half the time be able to guess the next query ID, then perform cache poisoning by answering with those guessed IDs, while spoofing the UDP source address of the reply.

Furthermore, with empty allow-recursion{} and allow-query{} options, the default configuration allowed anybody to make recursive queries and query the cache.

Workaround
==========

There is no known workaround at this time for the random generator weakness. The allow-recursion{} and allow-query{} options should be set to trusted hosts only in /etc/bind/named.conf, thus preventing several security risks.

Resolution
==========

All ISC BIND users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-dns/bind-9.4.1_p1"

References
==========

[ 1 ] CVE-2007-2925
      https://www.cve.org/CVERecord?id=CVE-2007-2925
[ 2 ] CVE-2007-2926
      https://www.cve.org/CVERecord?id=CVE-2007-2926

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  https://security.gentoo.org/glsa/200708-13

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
Multiple vulnerabilities, including a flaw in the pseudo-random number generation, exist in previous versions of OpenSSL.

---------------------------------------------------------------------
                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          Updated openssl packages available
Advisory ID:       RHSA-2001:051-18
Issue date:        2001-04-17
Updated on:        2001-07-18
Product:           Red Hat Linux
Keywords:          openssl 0.9.6a 0.9.6b bleichenbacher premaster crt setugid prng
Cross references:
Obsoletes:         RHEA-2000:085
---------------------------------------------------------------------

1. Topic:

Updated openssl packages are now available for Red Hat Linux 6.x and 7. These packages include security-related changes made in OpenSSL 0.9.6a and 0.9.6b which have been backported to previous versions released for Red Hat Linux.

In addition, this advisory provides OpenSSL 0.9.6 packages for Red Hat Linux 7, which may be used by future updates to both Red Hat Linux 7 and Red Hat Linux 7.1.

2. Relevant releases/architectures:

Red Hat Linux 6.2 - alpha, i386, sparc
Red Hat Linux 7.0 - alpha, i386
Red Hat Linux 7.1 - alpha, i386

3. Problem description:

Versions of OpenSSL prior to 0.9.6a suffer from potential security problems. These include potential leakage of information after SSL version 3 key exchanges, imperfect distribution of random numbers used when generating signatures, honoring of sensitive environment variables in library functions in setuid or setgid applications, and not taking precautions to counter effects of potential hardware glitches when generating digital signatures.

A flaw has also been found in the pseudo-random number generator used in versions of OpenSSL prior to 0.9.6b. The OpenSSL Project Team has released a patch which corrects this problem.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For all RPMs downloaded for your particular architecture, run:

rpm -Uvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs. Because of dependencies, the packages must be installed as a group.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed ( for more info):

37730 - OpenSSL-0.9.6a has security fixes
24079 - openssl in updates area built for wrong arch

6. RPMs required:

Red Hat Linux 6.2:
SRPMS:
alpha:
i386:
sparc:

Red Hat Linux 7.0:
SRPMS:
alpha:
i386:

Red Hat Linux 7.1:
SRPMS:
alpha:
i386:

7. Verification:

MD5 sum                            Package Name
--------------------------------------------------------------------------
These packages are GPG signed by Red Hat, Inc. for security. Our key is available at:

You can verify each package with the following command:

rpm --checksig

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:

rpm --checksig --nogpg

8. References:

http://marc.theaimsgroup.com/?l=openssl-announce&m=98655255404174&w=2
stanford openssl

Copyright(c) 2000, 2001 Red Hat, Inc.

Severity: Important. LinuxSecurity.com Team