50 matches found
CVE-2026-14570
A flaw was found in Crypt::DSA. Versions before 1.22 for Perl use a biased random number generator when creating the Digital Signature Algorithm DSA signing nonce and private key. This bias allows a remote attacker to recover the private key through a lattice attack if they collect a sufficient...
UBUNTU-CVE-2026-14570
Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce a...
CVE-2026-14570 Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery
Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce a...
CVE-2026-14570
Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce a...
CVE-2026-14570
CVE-2026-14570 affects Crypt::DSA for Perl up to version 1.21, where Crypt::DSA::Util::makerandom biases the top bit to produce N-bit integers. This causes the DSA signing nonce and the private key to be drawn from a non-uniform distribution. Attackers who observe a modest number of signatures un...
CVE-2026-12205
Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery. Crypt::DSA::sign caches the per-signature nonce material in the Key object without ever clearing it. The first sign on a Key object picks a nonce, and every later sign on that same object...
Fedora 45 : perl-Crypt-DSA (2026-cf622b92d7)
The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-cf622b92d7 advisory. Automatic update for perl-Crypt-DSA-1.21-1.fc45. Changelog Mon Jun 15 2026 Paul Howarth - 1.21-1 - Update to 1.21 - Fixed key material reuse for multiple...
CVE-2026-8704
A flaw was found in Crypt-DSA for Perl. This vulnerability arises from the insecure use of the open function with two arguments, which can allow an attacker to modify existing files. This could lead to unauthorized alteration of data, impacting the integrity of the system. Mitigation Mitigation f...
[SECURITY] Fedora 43 Update: perl-Crypt-DSA-1.20-1.fc43
Crypt::DSA is an implementation of the DSA Digital Signature Algorithm signature verification system. This package provides DSA signing, signature verification, and key generation. DSA Digital Signature Algorithm signatures are no longer considered to be adequate for security. This module should...
[SECURITY] Fedora 42 Update: perl-Crypt-DSA-1.20-1.fc42
Crypt::DSA is an implementation of the DSA Digital Signature Algorithm signature verification system. This package provides DSA signing, signature verification, and key generation. DSA Digital Signature Algorithm signatures are no longer considered to be adequate for security. This module should...
Fedora 43 : perl-Crypt-DSA (2026-fdc100f74f)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-fdc100f74f advisory. This update fixes a couple of security issues: Replace two arg open CVE-2026-8704 Replace rand with a cryptographically-secure source of random data...
Fedora 42 : perl-Crypt-DSA (2026-ffe3625a50)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-ffe3625a50 advisory. This update fixes a couple of security issues: Replace two arg open CVE-2026-8704 Replace rand with a cryptographically-secure source of random data...
Fedora 44 : perl-Crypt-DSA (2026-cdcb20089b)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-cdcb20089b advisory. This update fixes a couple of security issues: Replace two arg open CVE-2026-8704 Replace rand with a cryptographically-secure source of random data...
Linux Distros Unpatched Vulnerability : CVE-2026-8700
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Crypt::DSA versions before 1.20 for Perl generate seeds using rand. Seeds were generated using Perl's built-in rand function, which is predictable and unsuitabl...
Linux Distros Unpatched Vulnerability : CVE-2026-8704
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified. CVE-2026-8704 Note that Nessus relies on the presence of the...
DEBIAN-CVE-2026-8704
Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified...
CVE-2026-8704
Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified...
CVE-2026-8704
Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified...
UBUNTU-CVE-2026-8704
Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified...
CVE-2026-8704
Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified...