Advisories » MGASA-2025-0062

Updated perl-Net-OAuth, perl-Crypt-URandom & perl-Module-Build packages fix security vulnerability

Publication date: 13 Feb 2025
Modification date: 13 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-22376

Description

In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl,
the default nonce is a 32-bit integer generated from the built-in rand()
function, which is not cryptographically strong. (CVE-2025-22376)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33923
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLAEBHWU2NBVEDHXVVKYY4Y2XLNJX2VX/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22376

SRPMS

9/core

• perl-Net-OAuth-0.300.0-1.mga9
• perl-Crypt-URandom-0.370.0-1.mga9
• perl-Module-Build-0.423.400-1.mga9