Linuxsecurity
Critical Key Reuse Vulnerability in Fedora 43 and 44 perl-Crypt-DSA
A significant vulnerability (CVE-2026-12205) affecting the perl-Crypt-DSA library was identified, allowing key material reuse across multiple signing events. This flaw, discovered on June 15, 2026, permits private-key recovery from two signatures using the same nonce, compromising keys used for signing. The vulnerability affects Fedora versions 43 and 44, with updates released to mitigate the issue. Users are advised to consider any keys signed with affected versions as compromised. The flaw is categorized under CWE-323, indicating a critical security risk for systems utilizing this library. The update ensures that a fresh nonce is generated for each signature to prevent future occurrences of this issue.
Key Points:
• CVE-2026-12205 allows private-key recovery due to nonce reuse in perl-Crypt-DSA.
• Affected Fedora versions include 43 and 44, with critical updates released.
• Keys signed with vulnerable versions should be considered compromised.
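
An added example (not from the advisory or the perl-Crypt-DSA project): an audit of stored DSA signatures for the nonce reuse described above, to decide which keys need rotating. In DSA, r depends only on the nonce and the domain parameters, so two signatures from one key that share r but differ in s were produced under the same nonce. The record layout, key ids, file names and the shortened sample signatures are constructed assumptions.

```python
from collections import defaultdict

def _read_len(buf, i):
    """Decode a DER length at buf[i]; return (length, next_index)."""
    first = buf[i]
    if first < 0x80:
        return first, i + 1
    n = first & 0x7F
    if n == 0 or n > 4:
        raise ValueError("unsupported DER length")
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def _read_int(buf, i):
    if buf[i] != 0x02:
        raise ValueError("expected INTEGER")
    length, i = _read_len(buf, i + 1)
    return int.from_bytes(buf[i:i + length], "big"), i + length

def parse_dss_sig(der):
    """Parse DER Dss-Sig-Value ::= SEQUENCE { r INTEGER, s INTEGER }."""
    if not der or der[0] != 0x30:
        raise ValueError("expected SEQUENCE")
    length, i = _read_len(der, 1)
    if i + length != len(der):
        raise ValueError("truncated or trailing data")
    r, i = _read_int(der, i)
    s, i = _read_int(der, i)
    if i != len(der):
        raise ValueError("unexpected extra fields")
    return r, s

def find_nonce_reuse(records):
    """records: (key_id, artifact, der_sig) tuples -> {key_id: [artifacts sharing r]}."""
    seen = defaultdict(lambda: defaultdict(set))  # key_id -> r -> {(artifact, s)}
    for key_id, artifact, der in records:
        r, s = parse_dss_sig(der)
        seen[key_id][r].add((artifact, s))
    flagged = defaultdict(set)
    for key_id, by_r in seen.items():
        for sigs in by_r.values():
            # Same r with different s: two signatures made under one nonce.
            if len({s for _, s in sigs}) > 1:
                flagged[key_id].update(a for a, _ in sigs)
    return {k: sorted(v) for k, v in flagged.items()}

# Constructed sample data; real r and s values are 160 bits or longer.
SAMPLE = [
    ("key-a", "pkg1.sig", bytes.fromhex("30070202123402010a")),
    ("key-a", "pkg2.sig", bytes.fromhex("30070202123402010b")),  # repeats r
    ("key-a", "pkg3.sig", bytes.fromhex("30070202567802010c")),
    ("key-b", "pkg4.sig", bytes.fromhex("30070202111102010d")),
    ("key-b", "pkg5.sig", bytes.fromhex("30070202222202010e")),
]
```

Any key the function returns has signed under a repeated nonce and belongs on the rotation list; a clean result does not clear a key, since only the signatures you still hold are checked.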