CVE-2011-3599
As taught by the '09 Debian PGP disaster relating to DSA, the randomness
source is extremely important. On systems without /dev/random, Crypt::DSA
falls back to using Data::Random. Data::Random uses rand(), about which
the perldoc says "rand() is not cryptographically secure. You should not
rely on it in security-sensitive situations." In the case of DSA, this is
even worse. Using an insufficiently secure randomness source can compromise
the signing key as soon as a message is signed.
See: http://rdist.root.org/2010/11/19/dsa-requirements-for-random-k-value/
It might seem that this would not affect Fedora, since /dev/random is always
available and so the fallback to Data::Random would never happen. However,
if an application is confined using a MAC system such as SELinux, then
access to /dev/random could be denied by policy and the fallback would be
triggered.
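
Why a predictable per-message value k exposes the signing key, worked through the DSA signing equation s = k^-1 * (H(m) + x*r) mod q. This is an added example, not code from Crypt::DSA or from the original report; the toy parameters, the key, the message and all function names are constructed for illustration, and random.Random stands in for a rand()-style generator.

```python
import hashlib
import random

# Toy DSA domain parameters (constructed, far too small for real use):
# q is prime, q divides p - 1, and g = 2^((p-1)/q) mod p has order q.
P, Q, G = 607, 101, 64

def digest(msg: bytes) -> int:
    """Hash the message and reduce it into the range of q."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q

def sign(x: int, msg: bytes, k: int):
    """DSA signature (r, s) made with an explicit per-message value k."""
    r = pow(G, k, P) % Q
    s = pow(k, -1, Q) * (digest(msg) + x * r) % Q
    return r, s

def verify(y: int, msg: bytes, r: int, s: int) -> bool:
    """Standard DSA verification against the public key y."""
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    u1, u2 = digest(msg) * w % Q, r * w % Q
    return pow(G, u1, P) * pow(y, u2, P) % P % Q == r

def key_from_known_k(msg: bytes, r: int, s: int, k: int) -> int:
    """Signing equation solved for x: x = (s*k - H(m)) * r^-1 mod q."""
    return (s * k - digest(msg)) * pow(r, -1, Q) % Q

def demo(seed: int = 1234):
    """Sign once with a k drawn from a non-cryptographic generator."""
    weak = random.Random(seed)   # assumption: models the rand() fallback
    x = 57                       # constructed private key
    y = pow(G, x, P)             # matching public key
    msg = b"constructed sample message"
    while True:                  # DSA retries when r or s is zero
        k = weak.randrange(1, Q)
        r, s = sign(x, msg, k)
        if r and s:
            break
    return x, key_from_known_k(msg, r, s, k), verify(y, msg, r, s)

if __name__ == "__main__":
    print(demo())
```

The signature verifies normally, so nothing about it looks wrong to a verifier; the only defence is that k comes from a cryptographically secure source, and that signing fails rather than falling back when that source is unavailable.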