MGASA-2025-0062

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2025-0062.html

Import Source

https://advisories.mageia.org/MGASA-2025-0062.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2025-0062

Related

CVE-2025-22376

Published

2025-02-13T19:09:12Z

Modified

2025-02-13T18:38:27Z

Summary

Updated perl-Net-OAuth, perl-Crypt-URandom & perl-Module-Build packages fix security vulnerability

Details

In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl, the default nonce is a 32-bit integer generated from the built-in rand() function, which is not cryptographically strong. (CVE-2025-22376)

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:9 / perl-Net-OAuth

Package

Name: perl-Net-OAuth
Purl: pkg:rpm/mageia/perl-Net-OAuth?distro=mageia-9

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.300.0-1.mga9

Ecosystem specific

{
    "section": "core"
}

Mageia:9 / perl-Crypt-URandom

Package

Name: perl-Crypt-URandom
Purl: pkg:rpm/mageia/perl-Crypt-URandom?distro=mageia-9

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.370.0-1.mga9

Ecosystem specific

{
    "section": "core"
}

Mageia:9 / perl-Module-Build

Package

Name: perl-Module-Build
Purl: pkg:rpm/mageia/perl-Module-Build?distro=mageia-9

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.423.400-1.mga9

Ecosystem specific

{
    "section": "core"
}