perl-Crypt-CBC-3.70.0-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:15495-1 Final 1 1 2025-08-27T00:00:00Z current 2025-08-27T00:00:00Z 2025-08-27T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z perl-Crypt-CBC-3.70.0-1.1 on GA media These are all security issues fixed in the perl-Crypt-CBC-3.70.0-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-15495 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2025-2814/ SUSE CVE CVE-2025-2814 page openSUSE Tumbleweed perl-Crypt-CBC-3.70.0-1.1 perl-Crypt-CBC-3.70.0-1.1 as a component of openSUSE Tumbleweed Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom'" is unavailable. In that case, Crypt::CBC will fallback to use the insecure rand() function. CVE-2025-2814 openSUSE Tumbleweed:perl-Crypt-CBC-3.70.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-2814.html CVE-2025-2814 https://bugzilla.suse.com/1241141 SUSE Bug 1241141