[SECURITY] Fedora 43 Update: perl-Crypt-DSA-1.20-1.fc43

Crypt::DSA is an implementation of the DSA Digital Signature Algorithm signature verification system. This package provides DSA signing, signature verification, and key generation. DSA Digital Signature Algorithm signatures are no longer considered to be adequate for security. This module should...

[SECURITY] Fedora 42 Update: perl-Crypt-DSA-1.20-1.fc42

Crypt::DSA is an implementation of the DSA Digital Signature Algorithm signature verification system. This package provides DSA signing, signature verification, and key generation. DSA Digital Signature Algorithm signatures are no longer considered to be adequate for security. This module should...

Fedora 44 : perl-Crypt-DSA (2026-cdcb20089b)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-cdcb20089b advisory. This update fixes a couple of security issues: Replace two arg open CVE-2026-8704 Replace rand with a cryptographically-secure source of random data...

Fedora 43 : perl-Crypt-DSA (2026-fdc100f74f)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-fdc100f74f advisory. This update fixes a couple of security issues: Replace two arg open CVE-2026-8704 Replace rand with a cryptographically-secure source of random data...

Fedora 42 : perl-Crypt-DSA (2026-ffe3625a50)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-ffe3625a50 advisory. This update fixes a couple of security issues: Replace two arg open CVE-2026-8704 Replace rand with a cryptographically-secure source of random data...

Linux Distros Unpatched Vulnerability : CVE-2026-39829

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could...

CVE-2026-39829

The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public...

UBUNTU-CVE-2026-39829

The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public...

EUVD-2026-31396

The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public...

CVE-2026-39829

CVE-2026-39829 affects golang.org/x/crypto/ssh. The vulnerability arises because the RSA/DSA public key parsers did not enforce size limits on key parameters, allowing crafted keys with oversized modulus or DSA parameters to cause prolonged CPU use during signature verification. Affected behavior...

CVE-2026-39829 Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh

The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public...

CVE-2026-39829

The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public...

PT-2026-42708

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description RSA and DSA public key parsers fail to enforce size limits on key parameters. An unauthenticated client can trigger excessive CPU consumption during signature...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: Correct check for empty list Since the commit a3c53be55c95 “net: dsa: mv88e6xxx: Support multiple MDIO buses”, the mv88e6xxxdefaultmdiobus function has checked that the return value of listfirstentry is...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: phy: allowing MDIO bus PM operations to initiate/stop the state machine for phylink-controlled PHYs. DSA has two types of drivers: 1. Those that call dsaswitchsuspend and dsaswitchresume from their device’s PM operations:...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: net: dsa: microchip: Fixed the error path in the PTP IRQ setup process. If the requestthreadedirq function fails during the PTP message IRQ setup, the newly created IRQ mappings are never disposed of. In fact, the error path i...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: - net: dsa: felix: do not use devres for mdiobus. As explained in the commits: - 74b6d7d13307: “net: dsa: realtek: register the MDIO bus using devres”. - 5135e96a3dd2: “net: dsa: do not allocate the slavemiibus using devres”...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Net: DSA: Felix: Fixed memory leak in felixsetupmmiofiltering A memory leak can be avoided if no CPU port is defined. Addresses-Coverity-ID: 1492897 “Resource leak” Addresses-Coverity-ID: 1492899 “Resource leak”...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: dsa: lantiqgswip: The operation gswipremove should perform the ofnodeputpriv-ds-slavemiibus-dev.ofnode before calling mdiobusfreepriv-ds-slavemiibus...

Astra Linux - уязвимость в node-browserify-sign

“browserify-sign” is a package that duplicates the functionality of Node’s crypto public key functions. Much of this functionality is based on Fedor Indutny’s work on “indutny/tls.js”. There is a issue with upper-bound checking in the “dsaVerify” function, which allows an attacker to create...