Overview

File _patchinfo of Package patchinfo.43425

<patchinfo incident="43425">
  <!--generated with prepare-update from request 404607-->
  <issue tracker="bnc" id="1258266">VUL-0: CVE-2026-2474: perl-Crypt-URandom: Crypt:URandom versions from 0.41 before 0.55 for Perl is vulnerable to a heap buffer overflow in the XS function crypt_urandom_getrandom(). The function does not validate that the length parameter is non-nega ...</issue>
  <issue tracker="cve" id="2026-2474"/>
  <category>security</category>
  <rating>important</rating>
  <packager>tinita</packager>
  <summary>Security update for perl-Crypt-URandom</summary>
  <description>This update for perl-Crypt-URandom fixes the following issue:

Update to 0.550.0 (0.55):

- CVE-2026-2474: heap buffer overflow in the XS function `crypt_urandom_getrandom()` (bsc#1258266).

Changelog:

- Fix for sysread/read failures. Thanks to Miha Purg for GH#20.
- Fix for test suite failures on STDOUT encoding. Thanks to Lukas Mai for GH#19.

For full changelog see /usr/share/doc/packages/perl-Crypt-URandom/Changes.
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places