Updated perl-Authen-SASL packages fix security vulnerability

Authen::SASL::Perl::DIGESTMD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. CVE-2025-40918...

MGASA-2025-0285 Updated perl-Authen-SASL packages fix security vulnerability

Authen::SASL::Perl::DIGESTMD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. CVE-2025-40918...

CVE-2025-40919 Authen::DigestMD5 versions 0.01 through 0.04 for Perl generate the cnonce insecurely

Authen::DigestMD5 versions 0.01 through 0.02 for Perl generate the cnonce insecurely. The cnonce client nonce is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not...

CVE-2025-40918

Authen::SASL::Perl::DIGEST_MD5 (versions 2.04–2.1800) uses an insecure cnonce generator, composing the nonce from an MD5 of the PID, epoch time, and rand(), which weakens entropy below the RFC 2831-recommended 64 bits. Exploitation potential is supported by the CVSS data (Network, Low-to-Medium i...

CVE-2025-40918 Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely

Authen::SASL::Perl::DIGESTMD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. The cnonce client nonce is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, i...