Advisories » MGASA-2026-0176

Updated perl-DBIx-Class-EncodedColumn and new perl-Crypt-URandom-Token packages fix security vulnerabilities

Publication date: 06 Jun 2026
Modification date: 06 Jun 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-27551 , CVE-2025-27552

Description

The updated perl-DBIx-Class-EncodedColumn and new
perl-Crypt-URandom-Token packages fix security issues:
DBIx::Class::EncodedColumn until 0.00032 for Perl uses insecure rand()
function for salting password hashes in Digest.pm (CVE-2025-27551)
DBIx::Class::EncodedColumn until 0.00032 for Perl uses insecure rand()
function for salting password hashes in Crypt/Eksblowfish/Bcrypt.pm
(CVE-2025-27552)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=34215
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PZO6ZQ5X5UGT2U2IHHPDXAJUDE27HTUX/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CTXKJZJLOFULT3WQ46ITSLDFTLG4YKJ2/
• https://www.cve.org/CVERecord?id=CVE-2025-27551
• https://www.cve.org/CVERecord?id=CVE-2025-27552

SRPMS

9/core

• perl-DBIx-Class-EncodedColumn-0.110.0-1.mga9
• perl-Crypt-URandom-Token-0.005-1.mga9