Bug 2489070 (CVE-2026-12205)

Summary: CVE-2026-12205 Crypt::DSA: Private-key recovery via nonce reuse across signatures
Product: [Other] Security Response
Reporter: OSIDB Bzimport <bzimport>
Component: vulnerability
Assignee: Product Security DevOps Team <prodsec-dev>
Status: NEW
Severity: high
Priority: high
Version: unspecified
Keywords: Security
Hardware: All   
OS: Linux   
Doc Text:
A flaw was found in Crypt::DSA, a Perl module for Digital Signature Algorithm (DSA) cryptography. This vulnerability occurs because the software reuses a unique random number, known as a nonce, for multiple digital signatures generated with the same cryptographic key. An attacker could exploit this flaw to recover the private key, which would compromise the security of any data signed with that key.
Bug Depends On: 2491340, 2491342    

Description OSIDB Bzimport 2026-06-15 23:01:21 UTC
Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery.

Crypt::DSA::sign caches the per-signature nonce material in the Key object without ever clearing it.

The first sign() on a Key object picks a nonce, and every later sign() on that same object reuses it, producing an identical "r".

Keys used to sign more than once with an affected version should be considered compromised.
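
The audit below is an added example, not code from Crypt::DSA or from this report: it models the cached-nonce behaviour described above with toy DSA parameters and flags any key whose signature log shows the same "r" on different messages. The parameters, `ToyKey`, `sign`, `keys_with_repeated_r`, `demo_log` and all sample values are constructed for illustration.

```python
from collections import defaultdict

# Toy DSA domain parameters (constructed, far too small for real use):
# g = 4 has order q = 11 modulo p = 23.
P, Q, G = 23, 11, 4

class ToyKey:
    """Hypothetical stand-in for a key object that can cache nonce material."""
    def __init__(self, key_id, x):
        self.key_id, self.x, self.cached_k = key_id, x, None

def sign(key, digest, nonces, clear_cache):
    """Sign an integer digest; `nonces` is an iterator of candidate k values.

    clear_cache=False models the behaviour in the report: the first nonce
    stays on the key object and every later call reuses it.
    """
    if key.cached_k is None:
        key.cached_k = next(nonces)
    k = key.cached_k
    r = pow(G, k, P) % Q          # r depends only on k, never on the message
    s = pow(k, -1, Q) * (digest + key.x * r) % Q
    if clear_cache:
        key.cached_k = None
    return {"key_id": key.key_id, "digest": digest, "r": r, "s": s}

def keys_with_repeated_r(signatures):
    """Return {key_id: {r: [digests]}} for each r seen on 2+ distinct digests.

    Distinct digests are required so that a duplicated log record of one
    signature is not reported as nonce reuse.
    """
    seen = defaultdict(lambda: defaultdict(set))
    for sig in signatures:
        seen[sig["key_id"]][sig["r"]].add(sig["digest"])
    flagged = {}
    for key_id, by_r in seen.items():
        repeats = {r: sorted(d) for r, d in by_r.items() if len(d) > 1}
        if repeats:
            flagged[key_id] = repeats
    return flagged

def demo_log():
    """Constructed log: key-A signs with the cache kept, key-B with it cleared."""
    affected, fixed = ToyKey("key-A", 7), ToyKey("key-B", 7)
    ks_a, ks_b = iter([3, 5, 6]), iter([3, 5, 6])
    log = [sign(affected, d, ks_a, clear_cache=False) for d in (2, 9, 4)]
    log += [sign(fixed, d, ks_b, clear_cache=True) for d in (2, 9, 4)]
    return log
```

Any key the audit flags falls under the guidance above and should be treated as compromised and replaced.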