Fedora 43 php-phpseclib3 Critical Info Disclosure CVE-2026-32935
fedora
March 30, 2026
Update to v3.0.50; contains fix for CVE-2026-32935
Summary
MIT-licensed pure-PHP implementations of an arbitrary-precision integer
arithmetic library, fully PKCS#1 (v2.1) compliant RSA, DES, 3DES, RC4,
Rijndael, AES, Blowfish, Twofish, SSH-1, SSH-2, SFTP, and X.509
Update Information:
Update to v3.0.50; contains fix for CVE-2026-32935
Topics Covered
Change Log
* Sat Mar 21 2026 Artur Frenszek-Iwicki
References
[ 1 ] Bug #2448961 - php-phpseclib3-3.0.50 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2448961
[ 2 ] Bug #2449637 - CVE-2026-32935 php-phpseclib3: phpseclib: Information disclosure via padding oracle timing attack when using AES in CBC mode [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2449637
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-b7d9416ec4' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Name: php-phpseclib3
Product: Fedora 43
Version: 3.0.50
Release: 1.fc43
Summary: PHP Secure Communications Library
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!