Private key recovery via incomplete comparison checks biasing DSA nonces
Summary
Private key recovery via incomplete comparison checks biasing DSA nonces. Red Hat rates this important (CVSS 9.1). Weakness: CWE-338. Affected package(s): migration-toolkit-virtualization/mtv-console-plugin-rhel9:1779139872, quay/quay-rhel8:1775169155, quay/quay-rhel8:1775253092, quay/quay-rhel9:1779204086, migration-toolkit-virtualization/mtv-console-plugin-rhel9:1778927462, quay/quay-rhel8:1775169219. Resolved in Red Hat advisory RHSA-2026:6926 — update the affected packages (`sudo dnf update`).
- migration-toolkit-virtualization/mtv-console-plugin-rhel9:1779139872
- quay/quay-rhel8:1775169155
- quay/quay-rhel8:1775253092
- quay/quay-rhel9:1779204086
- migration-toolkit-virtualization/mtv-console-plugin-rhel9:1778927462
- quay/quay-rhel8:1775169219
- quay/quay-rhel8:1775169218
Official advisory · high-confidence parse· fetched 5 hours ago·verify at source
- RHSA-2026:6926
Official advisory · high-confidence parse· fetched 5 hours ago·verify at source
Mitigation checklist
- Update the affected package(s) to the fixed version shipped in RHSA-2026:6926 (`sudo dnf update` / `yum update`).
Official advisory · high-confidence parse· fetched 5 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.