MGASA-2026-0176

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2026-0176.html

Import Source

https://advisories.mageia.org/MGASA-2026-0176.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2026-0176

Upstream

CVE-2025-27551

CVE-2025-27552

Published

2026-06-06T05:36:58Z

Modified

2026-06-06T05:45:04.509259788Z

Summary

Updated perl-DBIx-Class-EncodedColumn and new perl-Crypt-URandom-Token packages fix security vulnerabilities

Details

The updated perl-DBIx-Class-EncodedColumn and new perl-Crypt-URandom-Token packages fix security issues: DBIx::Class::EncodedColumn until 0.00032 for Perl uses insecure rand() function for salting password hashes in Digest.pm (CVE-2025-27551) DBIx::Class::EncodedColumn until 0.00032 for Perl uses insecure rand() function for salting password hashes in Crypt/Eksblowfish/Bcrypt.pm (CVE-2025-27552)

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:9 / perl-DBIx-Class-EncodedColumn

Package

Name: perl-DBIx-Class-EncodedColumn
Purl: pkg:rpm/mageia/perl-DBIx-Class-EncodedColumn?arch=source&distro=mageia-9

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.110.0-1.mga9

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2026-0176.json"

Mageia:9 / perl-Crypt-URandom-Token

Package

Name: perl-Crypt-URandom-Token
Purl: pkg:rpm/mageia/perl-Crypt-URandom-Token?arch=source&distro=mageia-9

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.005-1.mga9

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2026-0176.json"