
Ubuntu 22.04 LTS: USN-7404-1 critical: phpseclib bypass issues

April 2, 2025
Numerous patches addressing vulnerabilities in phpseclib have been released for various Ubuntu releases. Keep your systems up to date so that the fixes are applied.

Summary

Several security issues were fixed in phpseclib.

Software Description:

- php-phpseclib: implementations of an arbitrary-precision integer arithmetic
- php-phpseclib3: implementations of an arbitrary-precision integer arithmetic
- phpseclib: implementations of an arbitrary-precision integer arithmetic

Details:

It was discovered that phpseclib did not correctly handle RSA PKCS#1 v1.5 signature verification. An attacker could possibly use this issue to bypass authentication. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-30130)

It was discovered that phpseclib did not correctly handle certain characters in certain TLS fields, which could lead to name confusion. An attacker could possibly use this issue to bypass authentication. (CVE-2023-52892)

It was discovered that phpseclib incorrectly limited the size of prime numbers generated by isPrime. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-27354)

It was discovered ...


Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
   php-phpseclib                   2.0.36-1ubuntu0.1~esm2
                                   Available with Ubuntu Pro
   php-phpseclib3                  3.0.13-1ubuntu0.1~esm1
                                   Available with Ubuntu Pro
   php-seclib                      1.0.20-1ubuntu0.1~esm1
                                   Available with Ubuntu Pro

Ubuntu 20.04 LTS
   php-phpseclib                   2.0.23-2ubuntu0.1~esm2
                                   Available with Ubuntu Pro
   php-seclib                      1.0.18-2ubuntu0.1~esm1
                                   Available with Ubuntu Pro

Ubuntu 18.04 LTS
   php-phpseclib                   2.0.9-1ubuntu0.1~esm2
                                   Available with Ubuntu Pro
   php-seclib                      1.0.9-1ubuntu0.1~esm1
                                   Available with Ubuntu Pro

Ubuntu 16.04 LTS
   php-phpseclib                   2.0.1-1ubuntu0.1~esm2
                                   Available with Ubuntu Pro
   php-seclib                      1.0.1-3ubuntu0.1+esm1
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-7404-1

  CVE-2021-30130, CVE-2023-52892, CVE-2024-27354, CVE-2024-27355

Severity
critical

Ubuntu Security Notice USN-7404-1
