Packages
- php-phpseclib - implementations of an arbitrary-precision integer arithmetic
- php-phpseclib3 - implementations of an arbitrary-precision integer arithmetic
- phpseclib - implementations of an arbitrary-precision integer arithmetic
Details
It was discovered that phpseclib did not correctly handle RSA PKCS#1
v1.5 signature verification. An attacker could possibly use this issue to
bypass authentication. This issue only affected Ubuntu 20.04 LTS.
(CVE-2021-30130)
It was discovered that phpseclib did not correctly handle certain
characters in certain TLS fields, which could lead to name confusion.
An attacker could possibly use this issue to bypass authentication.
(CVE-2023-52892)
It was discovered that phpseclib incorrectly limited the size of prime
numbers generated by isPrime. An attacker could possibly use this issue
to cause a denial of service. (CVE-2024-27354)
It was discovered that phpseclib did not correctly handle processing the
ASN.1 object identifier of a certificate. An attacker could possibly use
this issue to cause a denial of...
It was discovered that phpseclib did not correctly handle RSA PKCS#1
v1.5 signature verification. An attacker could possibly use this issue to
bypass authentication. This issue only affected Ubuntu 20.04 LTS.
(CVE-2021-30130)
It was discovered that phpseclib did not correctly handle certain
characters in certain TLS fields, which could lead to name confusion.
An attacker could possibly use this issue to bypass authentication.
(CVE-2023-52892)
It was discovered that phpseclib incorrectly limited the size of prime
numbers generated by isPrime. An attacker could possibly use this issue
to cause a denial of service. (CVE-2024-27354)
It was discovered that phpseclib did not correctly handle processing the
ASN.1 object identifier of a certificate. An attacker could possibly use
this issue to cause a denial of service. This issue only affected
Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2024-27355)
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 22.04 jammy | php-phpseclib – 2.0.36-1ubuntu0.1~esm2 | ||
| php-phpseclib3 – 3.0.13-1ubuntu0.1~esm1 | |||
| php-seclib – 1.0.20-1ubuntu0.1~esm1 | |||
| 20.04 focal | php-phpseclib – 2.0.23-2ubuntu0.1~esm2 | ||
| php-seclib – 1.0.18-2ubuntu0.1~esm1 | |||
| 18.04 bionic | php-phpseclib – 2.0.9-1ubuntu0.1~esm2 | ||
| php-seclib – 1.0.9-1ubuntu0.1~esm1 | |||
| 16.04 xenial | php-phpseclib – 2.0.1-1ubuntu0.1~esm2 | ||
| php-seclib – 1.0.1-3ubuntu0.1+esm1 | |||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.