The following Fedora EPEL 8 Security updates need testing:
Age URL
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-52b6491aab
java-latest-openjdk-24.0.2.0.12-1.rolling.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
perl-Crypt-CBC-2.33-26.el8
Details about builds:
================================================================================
perl-Crypt-CBC-2.33-26.el8 (FEDORA-EPEL-2025-d79f9b7270)
Encrypt Data with Cipher Block Chaining Mode
--------------------------------------------------------------------------------
Update Information:
This update includes a backported fix for CVE-2025-2814 from upstream version
3.07, in which Crypt::URandom is used to read random bytes rather than falling
back to Perl's insecure rand() function if using /dev/urandom directly wasn't
possible.-
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 28 2025 Paul Howarth <[email protected]> - 2.33-26
- Backport fix for CVE-2025-2814 from version 3.07, in which
Crypt::URandom is used to read random bytes rather than Perl's rand()
function (rhbz#2359382)
- Enable optional tests for EPEL builds
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2359382 - CVE-2025-2814 perl-Crypt-CBC: Crypt::CBC versions
between 1.21 and 3.04 for Perl may use insecure rand() function for
cryptographic functions [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2359382
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
