Explore top 10 tips to secure your open-source projects now. Read More
×An update that fixes one vulnerability is now available.. openSUSE Security Update: Security update for cacti ______________________________________________________________________________ Announcement ID: openSUSE-SU-2026:0189-1 Rating: moderate References: Cross-References: CVE-2024-27355 Affected Products: openSUSE Backports SLE-15-SP7 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for cacti fixes the following issues: - Update to version 1.2.30+git457.e55c2aea: * docs(changelog): add security fix refs for 1.2.31 (#7170) * fix: Upgrade DOMPurify again for additional hardening (#7168) * security: Ensure that reports does not work as guest (#7167) * Update translation files * security: GHSA-m7v2-f3xw-3qh7 - User Enumeration via Error Messages (#7166) * chore: Move around developers, rest in peace my friend (#7165) * Import undefined variable (#7164) * fix: guard api_plugin_moveup/movedown against NULL prior/next id (1.2.x backport) (#7158) * fix(correctness): loop-state leaks, chunk-aware poller CRC, header-suppression and tree false-guards (1.2.x) (#7151) * fix: Remove composer.lock (#7156) * test: source-pattern coverage backfill for PR 7148, 7149, 7150 (#7153) * fix: CVE-2024-27355 in phpseclib (#7155) * chore: Update ChangeLogs (#7152) Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP7: zypper in -t patch openSUSE-2026-189=1 Package List: - openSUSE Backports SLE-15-SP7 (noarch): cacti-1.2.30+git457.e55c2aea-bp157.2.12.1 References: https://www.suse.com/security/cve/CVE-2024-27355.html . A security update foropenSUSE provides a fix for a moderate risk issue in Cacti, addressing user enumeration vulnerabilities.. openSUSE security patch, Cacti security fix, PHPseclib update. . LinuxSecurity.com Team
Two vulnerabilities were discovered in phpseclib, a PHP Secure Communications Library. CVE-2023-52892 Some characters in Subject Alternative Name fields in TLS certificates were incorrectly allowed to have a special meaning. Debian LTS Advisory DLA-4518-1
It was discovered that the AES-CBC implementation in the PHP Secure Communications Library was susceptible to a padding oracle timing attack. For the oldstable distribution (bookworm), these problems have been fixed in version 1.0.20-1+deb12u3. This update also fixes CVE-2023-52892. For the stable distribution (trixie), these problems have been fixed in. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6185-1
Update to v2.0.52. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-d1feefa819 2026-03-28 00:45:01.878008+00:00 -------------------------------------------------------------------------------- Name : php-phpseclib Product : Fedora 43 Version : 2.0.52 Release : 1.fc43 URL : https://github.com/phpseclib/phpseclib Summary : PHP Secure Communications Library Description : MIT-licensed pure-PHP implementations of an arbitrary-precision integer arithmetic library, fully PKCS#1 (v2.1) compliant RSA, DES, 3DES, RC4, Rijndael, AES, Blowfish, Twofish, SSH-1, SSH-2, SFTP, and X.509 -------------------------------------------------------------------------------- Update Information: Update to v2.0.52 -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 19 2026 Artur Frenszek-Iwicki - 2.0.52-1 - Update to v2.0.52 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2449636 - CVE-2026-32935 php-phpseclib: phpseclib: Information disclosure via padding oracle timing attack when using AES in CBC mode [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2449636 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-d1feefa819' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list
Several security issues were fixed in phpseclib.. ========================================================================== Ubuntu Security Notice USN-7404-1 April 02, 2025 phpseclib vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in phpseclib. Software Description: - php-phpseclib: implementations of an arbitrary-precision integer arithmetic - php-phpseclib3: implementations of an arbitrary-precision integer arithmetic - phpseclib: implementations of an arbitrary-precision integer arithmetic Details: It was discovered that phpseclib did not correctly handle RSA PKCS#1 v1.5 signature verification. An attacker could possibly use this issue to bypass authentication. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-30130) It was discovered that phpseclib did not correctly handle certain characters in certain TLS fields, which could lead to name confusion. An attacker could possibly use this issue to bypass authentication. (CVE-2023-52892) It was discovered that phpseclib incorrectly limited the size of prime numbers generated by isPrime. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-27354) It was discovered that phpseclib did not correctly handle processing the ASN.1 object identifier of a certificate. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2024-27355) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS php-phpseclib 2.0.36-1ubuntu0.1~esm2 Available with Ubuntu Pro php-phpseclib3 3.0.13-1ubuntu0.1~esm1 Available with Ubuntu Pro php-seclib 1.0.20-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 20.04 LTS php-phpseclib 2.0.23-2ubuntu0.1~esm2 Available with Ubuntu Pro php-seclib 1.0.18-2ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 18.04 LTS php-phpseclib 2.0.9-1ubuntu0.1~esm2 Available with Ubuntu Pro php-seclib 1.0.9-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 16.04 LTS php-phpseclib 2.0.1-1ubuntu0.1~esm2 Available with Ubuntu Pro php-seclib 1.0.1-3ubuntu0.1+esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7404-1 CVE-2021-30130, CVE-2023-52892, CVE-2024-27354, CVE-2024-27355 . Numerous patches addressing vulnerabilities in phpseclib have been released for various Ubuntu releases. Ensure your systems are up-to-date for improved security measures.. phpseclib security update, Ubuntu advisory, php libraries vulnerabilities. . LinuxSecurity.com Team
Security fix for CVE-2023-52892, CVE-2024-27354. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-b38cbff99d 2025-02-09 01:30:07.778621+00:00 -------------------------------------------------------------------------------- Name : php-phpseclib Product : Fedora 40 Version : 2.0.48 Release : 1.fc40 URL : https://github.com/phpseclib/phpseclib Summary : PHP Secure Communications Library Description : MIT-licensed pure-PHP implementations of an arbitrary-precision integer arithmetic library, fully PKCS#1 (v2.1) compliant RSA, DES, 3DES, RC4, Rijndael, AES, Blowfish, Twofish, SSH-1, SSH-2, SFTP, and X.509 -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2023-52892, CVE-2024-27354 -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 30 2025 Artur Frenszek-Iwicki - 2.0.48-1 - Update to v2.0.48 * Thu Jan 25 2024 Fedora Release Engineering - 2.0.44-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Sun Jan 21 2024 Fedora Release Engineering - 2.0.44-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2294674 - CVE-2023-52892 php-phpseclib: php-seclib: Incorrect allowed input via Subject Alternative Name fields [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2294674 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-b38cbff99d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. Moredetails on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Security issues were discovered in phpseclib, a PHP library for arbitrary-precision integer arithmetic, which could lead to Denial of Service. . ------------------------------------------------------------------------- Debian LTS Advisory DLA-3749-1
It was discovered that phpseclib, a PHP library for arbitrary-precision integer arithmetic, was vulnerable to the so-called Terrapin Attack. The SSH transport protocol with certain OpenSSH extensions, allows . ------------------------------------------------------------------------- Debian LTS Advisory DLA-3719-1
Get the latest Linux and open source security news straight to your inbox.