[Slackbuilds-users] Fwd: perl-Crypt-CBC SlackBuild is vulnerable to CVE-2025-2814

Matteo Bernardini matteo.bernardini at gmail.com
Fri Jul 17 07:07:00 UTC 2026


FWIW that CVE don't apply to us: from the link

- - -
Crypt::CBC versions between 1.21 and 3.04 for Perl may use insecure
rand() function for cryptographic functions

Description
-----------
Crypt::CBC versions between 1.21 and 3.04 for Perl may use the rand()
function as the default source of entropy, which is not
cryptographically secure, for cryptographic functions.

This issue affects operating systems where "/dev/urandom'" is
unavailable.  In that case, Crypt::CBC will fallback to use the
insecure rand() function.
- - -

# ls -la /dev/urandom
crw-rw-rw- 1 root root 1, 9 Jun 23 12:41 /dev/urandom

Matteo

Il giorno ven 17 lug 2026 alle ore 08:56 B. Watson <urchlay at slackware.uk>
ha scritto:

>
>
> On Fri, 17 Jul 2026, pyllyukko wrote:
>
> > Hello, list.
> >
> > FYI. Tried reaching the maintainer, but haven't gotten any response.
>
> It looks like Chris Walker hasn't responded to emails from either
> you (since April 26) or me (about a week ago). Chris, are you on the
> mailing list?
> _______________________________________________
> SlackBuilds-users mailing list
> SlackBuilds-users at slackbuilds.org
> https://lists.slackbuilds.org/mailman/listinfo/slackbuilds-users
> Archives - https://lists.slackbuilds.org/pipermail/slackbuilds-users/
> FAQ - https://slackbuilds.org/faq/
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.slackbuilds.org/pipermail/slackbuilds-users/attachments/20260717/bd4facd4/attachment.htm>


More information about the SlackBuilds-users mailing list