Home / mailingsPDF  

[USN-8418-1] Crypt-SaltedHash vulnerability

Posted on 11 June 2026
Ubuntu Security

==========================================================================Ubuntu Security Notice USN-8418-1
June 10, 2026

libcrypt-saltedhash-perl vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Crypt-SaltedHash incorrectly generated random numbers.

Software Description:
- libcrypt-saltedhash-perl: module for handling salted hashes

Details:

It was discovered that Crypt-SaltedHash incorrectly generated salts using a
cryptographically weak pseudo-random number generator. An attacker could
possibly use this issue to predict generated salts, leading to a weakening
of cryptographic protections.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
libcrypt-saltedhash-perl 0.09-3ubuntu0.26.04.1~esm1
Available with Ubuntu Pro

Ubuntu 25.10
libcrypt-saltedhash-perl 0.09-3ubuntu0.25.10.1

Ubuntu 24.04 LTS
libcrypt-saltedhash-perl 0.09-3ubuntu0.24.04.1~esm1
Available with Ubuntu Pro

Ubuntu 22.04 LTS
libcrypt-saltedhash-perl 0.09-1.1ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 20.04 LTS
libcrypt-saltedhash-perl 0.09-1ubuntu0.20.04.1~esm1
Available with Ubuntu Pro

Ubuntu 18.04 LTS
libcrypt-saltedhash-perl 0.09-1ubuntu0.18.04.1~esm1
Available with Ubuntu Pro

Ubuntu 16.04 LTS
libcrypt-saltedhash-perl 0.09-1ubuntu0.16.04.1~esm1
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8418-1
CVE-2026-47372

Package Information:
https://launchpad.net/ubuntu/+source/libcrypt-saltedhash-perl/0.09-3ubuntu0.25.10.1

--===============7697762397748055449==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature

 

TOP

Mailings :

Exploits :