Critical Key Flaw in Fedora's perl-Crypt-DSA Affects Key Generation

Critical Key Flaw in Fedora's perl-Crypt-DSA Affects Key Generation

First seen 12 Jul 2026, 18:11 UTC Linuxsecurity 99% similarity 72.8

Article Content

Browse articles
ThreatCluster

A significant cryptographic vulnerability (CVE-2026-14570) has been identified in the perl-Crypt-DSA package affecting Fedora 43 and 44. The flaw, known as modulo bias, compromises private key generation, allowing attackers to recover private keys after generating hundreds of signatures. Users are advised to consider their keys compromised and to generate new ones immediately. The flaw was addressed in updates released on July 3, 2026, by Paul Howarth and Yaakov Selkowitz. The vulnerability is critical due to the potential for complete private key compromise, impacting systems that rely on this cryptographic library. The flaw was published on July 5, 2026, and is applicable to Fedora systems using the affected versions of perl-Crypt-DSA.

Key Points: • CVE-2026-14570 exposes private key generation flaws in Fedora's perl-Crypt-DSA. • Attackers can recover private keys after generating hundreds of signatures due to modulo bias. • Users must generate new keys immediately as existing keys are considered compromised.

ThreatCluster AI

Timeline

2026-06-19
Rebuild for OpenSSL 4.0
The perl-Crypt-DSA package was rebuilt for compatibility with OpenSSL 4.0, preceding the vulnerability fix.
Linuxsecurity
2026-07-03
Updates released for Fedora 43 and 44
Updates addressing the modulo bias vulnerability were released, urging users to generate new keys.
Linuxsecurity
2026-07-05
CVE-2026-14570 published
The vulnerability affecting key generation in perl-Crypt-DSA was officially published, highlighting its critical nature.
Linuxsecurity

Community

Browse all →