openSUSE Security Update: Security update for perl-Data-Entropy
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2025:0123-1
Rating:             moderate
References:         #1240395 
Cross-References:   CVE-2025-1860
Affected Products:
                    openSUSE Backports SLE-15-SP6
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for perl-Data-Entropy fixes the following issues:

   Updated to 0.8.0 (0.008):

      see /usr/share/doc/packages/perl-Data-Entropy/Changes

   Version 0.008; 2025-03-27:

       * Use Crypt::URandom to seed the default algorithm with
         cryptographically secure random bytes instead of the builtin rand()
         function (boo#1240395, CVE-2025-1860).
       * This module has been marked as deprecated.
       * A security policy was added.
       * Remove use of Module::Build.
       * Updated maintainer information.

Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Backports SLE-15-SP6:

      zypper in -t patch openSUSE-2025-123=1

Package List:

   - openSUSE Backports SLE-15-SP6 (noarch):

      perl-Data-Entropy-0.8.0-bp156.4.3.1

References:

   https://www.suse.com/security/cve/CVE-2025-1860.html
   https://bugzilla.suse.com/1240395