Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > linux.debian.announce.security > #4752

[SECURITY] [DSA 6186-1] php-phpseclib security update

From Moritz Muehlenhoff <jmm@debian.org>
Newsgroups linux.debian.announce.security
Subject [SECURITY] [DSA 6186-1] php-phpseclib security update
Date 2026-03-29 21:10 +0200
Message-ID <ME3Gh-beBI-1@gated-at.bofh.it> (permalink)
Organization linux.* mail to news gateway

Show all headers | View raw

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6186-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
March 29, 2026                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : php-phpseclib
CVE ID         : CVE-2026-32935

It was discovered that the AES-CBC implementation in the PHP Secure
Communications Library was susceptible to a padding oracle timing attack.

For the oldstable distribution (bookworm), these problems have been fixed
in version 2.0.42-1+deb12u3. This update also fixes CVE-2023-52892.

For the stable distribution (trixie), these problems have been fixed in
version 2.0.48-3+deb13u1.

We recommend that you upgrade your php-phpseclib packages.

For the detailed security status of php-phpseclib please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/php-phpseclib

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmnJdSAACgkQEMKTtsN8
Tjaufg/8DeFCl3NVKnxu+plpZw3BNmU5arR2JSfAYF+b7cGo/UkJ8tyJuGM8VzzH
8ijnT92Zfq6HNKwboQ0k1JGWm5rmQSQI2bU7EJkewqDXOe9qPSZVjF46ayTnByND
4+7bfCq1lg5FU2sEZF/5zZqnnI5p2ctWh+1rSYZVVJxCpEy43zkA9Yv5RLq0aHhb
Bp3E2i+jJlJjL25VmJLYVVl/JFgbvD4WCHYUXbkAsBMeHLuR4UfYrSvL1BrP22wG
lbsBWmbX82c1FkMuV+sgfFF+3cT+jawDo2AWgl8CDa0c/xX0m1u1KIHcDri/hJ4Z
Pbomx7fdPT0239YCk6GrnOQiNg1TYe7kKhTUgHnZkKZIta0p2K7rGJEhJ0jLCUWv
2esTIzMizokDkEPYjCTDdB1ggY9D77iixEX41V6UVZBioEympPCsIgnxCgf6pVOm
Vv3bUHMbVni81MaskvUQS+I1E/koWCwra6wrmOvGN8HyFLBEgV2oYDi7YD/KZYPL
PBN4cep2SBghuKJxmO/HEu9G18o+iLTagZz5TqzeYdZm2ZsUHyN75rnXDbCAcazn
qltCjRQhSYXgmuqksZcY652yTA0uckejBYc8fAGnsYNBt/xYsJES7KesfEuM+Ssn
IiR0R66Q3RTdZZ9bGVE7BSfyU/EOw09WwvxAarhzCyX/ZS18w0E=
=IEil
-----END PGP SIGNATURE-----

Back to linux.debian.announce.security | Previous | Next | Find similar

Thread

[SECURITY] [DSA 6186-1] php-phpseclib security update Moritz Muehlenhoff <jmm@debian.org> - 2026-03-29 21:10 +0200

csiph-web