Fedora Account System
Red Hat Associate
Red Hat Customer
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce and the private key are drawn from makerandom. Because the high bit is always set, the result is not uniform: its top bit is fixed, producing insecure values." An attacker who collects a modest number of signatures under an affected key, together with the public key, can recover the private key with a lattice attack. Keys used to sign with an affected version should be considered compromised and new keys should be generated.
FEDORA-EPEL-2026-432fddaa41 (perl-Crypt-DSA-1.17-31.el9) has been submitted as an update to Fedora EPEL 9. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-432fddaa41
FEDORA-EPEL-2026-b426ab1b56 (perl-Crypt-DSA-1.17-31.el8) has been submitted as an update to Fedora EPEL 8. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-b426ab1b56
FEDORA-EPEL-2026-49e427dec0 (perl-Crypt-DSA-1.22-1.el10_3) has been submitted as an update to Fedora EPEL 10.3. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-49e427dec0
FEDORA-EPEL-2026-121cfa24e8 (perl-Crypt-DSA-1.22-1.el10_2) has been submitted as an update to Fedora EPEL 10.2. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-121cfa24e8
FEDORA-EPEL-2026-121cfa24e8 (perl-Crypt-DSA-1.22-1.el10_2) has been pushed to the Fedora EPEL 10.2 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-EPEL-2026-49e427dec0 (perl-Crypt-DSA-1.22-1.el10_3) has been pushed to the Fedora EPEL 10.3 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-EPEL-2026-432fddaa41 (perl-Crypt-DSA-1.17-31.el9) has been pushed to the Fedora EPEL 9 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-EPEL-2026-b426ab1b56 (perl-Crypt-DSA-1.17-31.el8) has been pushed to the Fedora EPEL 8 stable repository. If problem still persists, please make note of it in this bug report.