Lincoln Stein

Name of the Vulnerable Software and Affected Versions: Crypt::CBC Perl module version 2.16 and earlier Description: The issue concerns the Crypt::CBC Perl module, which uses a weaker initialization vector (IV) of 8 bytes when running in RandomIV mode. This results in weaker encryption when used with ciphers that require a larger block size than 8 bytes, such as Rijndael. Multiple vulnerabilities in the libcrypt-cbc-perl package may lead to a breach of confidentiality of protected information and can be exploited remotely. Recommendations: For Crypt::CBC Perl module version 2.16 and earlier, consider updating to a version that uses a stronger initialization vector or disabling the use of RandomIV mode until a patch is available. As a temporary workaround, restrict the use of the Crypt::CBC Perl module with ciphers that require a larger block size than 8 bytes.