openSUSE-SU-2025:0123-1

Опубликовано: 16 апр. 2025

Источник: suse-cvrf

Описание

Security update for perl-Data-Entropy

This update for perl-Data-Entropy fixes the following issues:

Updated to 0.8.0 (0.008):

see /usr/share/doc/packages/perl-Data-Entropy/Changes

Version 0.008; 2025-03-27:

* Use Crypt::URandom to seed the default algorithm with cryptographically secure random bytes instead of the builtin rand() function (boo#1240395, CVE-2025-1860). * This module has been marked as deprecated. * A security policy was added. * Remove use of Module::Build. * Updated maintainer information.

Список пакетов

SUSE Package Hub 15 SP6

perl-Data-Entropy-0.8.0-bp156.4.3.1

openSUSE Leap 15.6

perl-Data-Entropy-0.8.0-bp156.4.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DEV777CDY3ONNFKV6ZABSLHPDKVBS3AA/
E-Mail link for openSUSE-SU-2025:0123-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1240395
SUSE Bug 1240395
https://www.suse.com/security/cve/CVE-2025-1860/
SUSE CVE CVE-2025-1860 page

Описание

Data::Entropy for Perl 0.007 and earlier use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.

Затронутые продукты

SUSE Package Hub 15 SP6:perl-Data-Entropy-0.8.0-bp156.4.3.1

openSUSE Leap 15.6:perl-Data-Entropy-0.8.0-bp156.4.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2025-1860.html
CVE-2025-1860
https://bugzilla.suse.com/1240395
SUSE Bug 1240395

openSUSE-SU-2025:0123-1

Описание

Список пакетов

SUSE Package Hub 15 SP6

openSUSE Leap 15.6

Ссылки

Уязвимость: CVE-2025-1860

Описание

Затронутые продукты

Ссылки