Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > linux.debian.announce.security > #4750

[SECURITY] [DSA 6185-1] phpseclib security update

From Moritz Muehlenhoff <jmm@debian.org>
Newsgroups linux.debian.announce.security
Subject [SECURITY] [DSA 6185-1] phpseclib security update
Date 2026-03-29 21:00 +0200
Message-ID <ME3wB-behv-17@gated-at.bofh.it> (permalink)
Organization linux.* mail to news gateway

Show all headers | View raw

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6185-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
March 29, 2026                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : phpseclib
CVE ID         : CVE-2026-32935

It was discovered that the AES-CBC implementation in the PHP Secure
Communications Library was susceptible to a padding oracle timing attack.

For the oldstable distribution (bookworm), these problems have been fixed
in version 1.0.20-1+deb12u3. This update also fixes CVE-2023-52892.

For the stable distribution (trixie), these problems have been fixed in
version 1.0.23-6+deb13u1.

We recommend that you upgrade your phpseclib packages.

For the detailed security status of phpseclib please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/phpseclib

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmnJdR8ACgkQEMKTtsN8
Tjbj0BAAhDikiKe8HvGCmZ/RpP4JrI2y8n41+sChqmYDsHJ4ifJfoVwB10csw2gu
r4OkLb53RdvbnrX4zEjV5IBefv4jw5DiYxwP9zXUovc9Zs4Z3mJR6+iHfvDlOFfw
3RP6kDEFJ8VQgB1MrfDyqROtKsBXyCFyD5SUdS72BDCyVgCo2XzvL0huuWfdL65u
PSBVVueOZ7tzlKGbuwPTXZqbFkNKmQlIm3TI5CfQz+W3kbZug7TJsRNda/Z19xzr
3Job9M1Aju/FLKCkmTNfZgWDQ/VScn+MZlRZcLhkLu2XpY7J4VnJVHwoB4j2PhEh
vm9g/Lby8fe4j4WNPk5ZzPTvwN0xM1w4Xi5nGJUhMeUEBkDNqlTpDsUjIrVNDCbK
zvLpkbBvgVHeBoiyRxOq3wyzDlCg6iOhfWTKl8h5EP4UF+GMMTc8kzwqZuEt6jqR
ieBJ1kGwaA31egqnbAjAbSK9gsCNQmuLsQKVnUNkuEPfFZvxGHq/7EABxedj/5px
J7pKk58E8++C7BINP2SRnRsPE+yx/lIdFoB2sQ4BX+JMQ0ECZOmxdCsAU0g6or0C
RdmGS9wToURTeOa/IXFK4g6DTmvZ95eyZAZ67dnP/Xs/g1AFWUvXY+2F0cGjOXa6
YFOUw9HGpH5iDXlIBseFaY/6cZy3Emeo7+Sy5oqg4T9dfEwyOP8=
=uJnp
-----END PGP SIGNATURE-----

Back to linux.debian.announce.security | Previous | Next | Find similar

Thread

[SECURITY] [DSA 6185-1] phpseclib security update Moritz Muehlenhoff <jmm@debian.org> - 2026-03-29 21:00 +0200

csiph-web