ELBA-2025-38104
- ULN >
- Oracle Linux Errata repository >
- ELBA-2025-38104
ELBA-2025-38104 - perl-Crypt-CBC Bug Fix update
| Type: | BUG |
| Impact: | NA |
| Release Date: | 2025-08-06 |
Description
[3.07-1]
- Update to 3.07 (rhbz#2383870)
- New upstream maintainer
- Fix CVE-2025-2814 by using Crypt::URandom
- Fix decryption of ciphertext created with 'header' => 'randomiv'
- Fixed bug in which manually-specified key and -pkdf=>'none' was not having
any effect
- Converted build process to Dist::Zilla
- Miscellaneous minor Dist::Zilla related changes
- Switch upstream source URL from cpan.metacpan.org to www.cpan.org to skip a
redirect
- Package new LICENSE, SECURITY.md and vulnerabilities.txt files
[3.04-18]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
[3.04-17]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
[3.04-16]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
[3.04-15]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
[3.04-14]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
[3.04-13]
- Fix decryption of ciphertext created with 'header' => 'randomiv'
https://bugzilla.redhat.com/show_bug.cgi?id=2235322
https://github.com/lstein/Lib-Crypt-CBC/issues/6
https://github.com/lstein/Lib-Crypt-CBC/pull/7
Updated Packages
| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
| Oracle Linux 9 (aarch64) | perl-Crypt-CBC-3.07-1.el9.src.rpm | 4329822df0db642769b8ee6704e9f57ad21faa71b2eb7795f40fe3b23837ad8b | - | ol9_aarch64_developer_EPEL |
| perl-Crypt-CBC-3.07-1.el9.noarch.rpm | 119e4a7db2ac3ce9989e9086889af5558bcdc361d4cb53c2b03bfad6f0bbd7a0 | - | ol9_aarch64_developer_EPEL | |
| Oracle Linux 9 (x86_64) | perl-Crypt-CBC-3.07-1.el9.src.rpm | 4329822df0db642769b8ee6704e9f57ad21faa71b2eb7795f40fe3b23837ad8b | - | ol9_x86_64_developer_EPEL |
| perl-Crypt-CBC-3.07-1.el9.noarch.rpm | 119e4a7db2ac3ce9989e9086889af5558bcdc361d4cb53c2b03bfad6f0bbd7a0 | - | ol9_x86_64_developer_EPEL | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
