Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 554
Alerts This Week
Warning Icon 1 554

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is application sandboxing truly safe?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/155-is-application-sandboxing-truly-safe?task=poll.vote&format=json
155
radio
0
[{"id":500,"title":"Malware still escapes container walls.","votes":0,"type":"x","order":1,"pct":0,"resources":[]},{"id":501,"title":"Supply chains corrupt trusted packages.","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":502,"title":"Convenience consistently compromises strict security.","votes":1,"type":"x","order":3,"pct":100,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 1 articles for you...
202

openSUSE Cacti Moderate User Enumeration Issue Vuln 2026-0189-1

An update that fixes one vulnerability is now available.. openSUSE Security Update: Security update for cacti ______________________________________________________________________________ Announcement ID: openSUSE-SU-2026:0189-1 Rating: moderate References: Cross-References: CVE-2024-27355 Affected Products: openSUSE Backports SLE-15-SP7 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for cacti fixes the following issues: - Update to version 1.2.30+git457.e55c2aea: * docs(changelog): add security fix refs for 1.2.31 (#7170) * fix: Upgrade DOMPurify again for additional hardening (#7168) * security: Ensure that reports does not work as guest (#7167) * Update translation files * security: GHSA-m7v2-f3xw-3qh7 - User Enumeration via Error Messages (#7166) * chore: Move around developers, rest in peace my friend (#7165) * Import undefined variable (#7164) * fix: guard api_plugin_moveup/movedown against NULL prior/next id (1.2.x backport) (#7158) * fix(correctness): loop-state leaks, chunk-aware poller CRC, header-suppression and tree false-guards (1.2.x) (#7151) * fix: Remove composer.lock (#7156) * test: source-pattern coverage backfill for PR 7148, 7149, 7150 (#7153) * fix: CVE-2024-27355 in phpseclib (#7155) * chore: Update ChangeLogs (#7152) Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP7: zypper in -t patch openSUSE-2026-189=1 Package List: - openSUSE Backports SLE-15-SP7 (noarch): cacti-1.2.30+git457.e55c2aea-bp157.2.12.1 References: https://www.suse.com/security/cve/CVE-2024-27355.html . A security update foropenSUSE provides a fix for a moderate risk issue in Cacti, addressing user enumeration vulnerabilities.. openSUSE security patch, Cacti security fix, PHPseclib update. . LinuxSecurity.com Team

Calendar%202 Jun 05, 2026 OpenSUSE
197

Debian 11 phpseclib TLS Confusion and Padding Oracle Attack Overview

Two vulnerabilities were discovered in phpseclib, a PHP Secure Communications Library. CVE-2023-52892 Some characters in Subject Alternative Name fields in TLS certificates were incorrectly allowed to have a special meaning. Debian LTS Advisory DLA-4518-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Utkarsh Gupta March 30, 2026 https://wiki.debian.org/LTS Package : phpseclib Version : 1.0.19-3+deb11u3 CVE ID : CVE-2023-52892 CVE-2026-32935 Two vulnerabilities were discovered in phpseclib, a PHP Secure Communications Library. CVE-2023-52892 Some characters in Subject Alternative Name fields in TLS certificates were incorrectly allowed to have a special meaning in regular expressions, leading to name confusion in X.509 certificate host verification. CVE-2026-32935 The AES-CBC implementation was susceptible to a padding oracle timing attack due to the use of a short-circuiting logical operator in the unpadding function. For Debian 11 bullseye, these problems have been fixed in version 1.0.19-3+deb11u3. We recommend that you upgrade your phpseclib packages. For the detailed security status of phpseclib please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/phpseclib Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Discover vulnerabilities in phpseclib affecting TLS verification and AES-CBC implementation. Upgrade recommended now.. Debian Security, phpseclib, TLS Certificate, AES-CBC, Padding Oracle Attack. . LinuxSecurity.com Team

Calendar%202 Mar 30, 2026 Debian LTS
87

Debian Oldstable phpseclib Key Padding Attack Fix DSA-6185-1 CVE-2026-32935

It was discovered that the AES-CBC implementation in the PHP Secure Communications Library was susceptible to a padding oracle timing attack. For the oldstable distribution (bookworm), these problems have been fixed in version 1.0.20-1+deb12u3. This update also fixes CVE-2023-52892. For the stable distribution (trixie), these problems have been fixed in. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6185-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff March 29, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : phpseclib CVE ID : CVE-2026-32935 It was discovered that the AES-CBC implementation in the PHP Secure Communications Library was susceptible to a padding oracle timing attack. For the oldstable distribution (bookworm), these problems have been fixed in version 1.0.20-1+deb12u3. This update also fixes CVE-2023-52892. For the stable distribution (trixie), these problems have been fixed in version 1.0.23-6+deb13u1. We recommend that you upgrade your phpseclib packages. For the detailed security status of phpseclib please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/phpseclib Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . The AES-CBC in phpseclib has a serious padding oracle timing attack issue. Update recommended to secure systems.. Debian Security Advisory, phpseclib update, CVE-2026-32935, AES-CBC attack. . LinuxSecurity.com Team

Calendar%202 Mar 29, 2026 Debian
89

Fedora 43 php-phpseclib Update 2.0.52 Vulnerability Disclosure Risk

Update to v2.0.52. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-d1feefa819 2026-03-28 00:45:01.878008+00:00 -------------------------------------------------------------------------------- Name : php-phpseclib Product : Fedora 43 Version : 2.0.52 Release : 1.fc43 URL : https://github.com/phpseclib/phpseclib Summary : PHP Secure Communications Library Description : MIT-licensed pure-PHP implementations of an arbitrary-precision integer arithmetic library, fully PKCS#1 (v2.1) compliant RSA, DES, 3DES, RC4, Rijndael, AES, Blowfish, Twofish, SSH-1, SSH-2, SFTP, and X.509 -------------------------------------------------------------------------------- Update Information: Update to v2.0.52 -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 19 2026 Artur Frenszek-Iwicki - 2.0.52-1 - Update to v2.0.52 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2449636 - CVE-2026-32935 php-phpseclib: phpseclib: Information disclosure via padding oracle timing attack when using AES in CBC mode [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2449636 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-d1feefa819' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Fedora 43 updates php-phpseclib to v2.0.52 addressing AES information disclosure risks via timing attacks.. Fedora security phpseclib updates information disclosure AES. . LinuxSecurity.com Team

Calendar%202 Mar 28, 2026 Fedora
172

Ubuntu 22.04 LTS: USN-7404-1 critical: phpseclib bypass issues

Several security issues were fixed in phpseclib.. ========================================================================== Ubuntu Security Notice USN-7404-1 April 02, 2025 phpseclib vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in phpseclib. Software Description: - php-phpseclib: implementations of an arbitrary-precision integer arithmetic - php-phpseclib3: implementations of an arbitrary-precision integer arithmetic - phpseclib: implementations of an arbitrary-precision integer arithmetic Details: It was discovered that phpseclib did not correctly handle RSA PKCS#1 v1.5 signature verification. An attacker could possibly use this issue to bypass authentication. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-30130) It was discovered that phpseclib did not correctly handle certain characters in certain TLS fields, which could lead to name confusion. An attacker could possibly use this issue to bypass authentication. (CVE-2023-52892) It was discovered that phpseclib incorrectly limited the size of prime numbers generated by isPrime. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-27354) It was discovered that phpseclib did not correctly handle processing the ASN.1 object identifier of a certificate. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2024-27355) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS php-phpseclib 2.0.36-1ubuntu0.1~esm2 Available with Ubuntu Pro php-phpseclib3 3.0.13-1ubuntu0.1~esm1 Available with Ubuntu Pro php-seclib 1.0.20-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 20.04 LTS php-phpseclib 2.0.23-2ubuntu0.1~esm2 Available with Ubuntu Pro php-seclib 1.0.18-2ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 18.04 LTS php-phpseclib 2.0.9-1ubuntu0.1~esm2 Available with Ubuntu Pro php-seclib 1.0.9-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 16.04 LTS php-phpseclib 2.0.1-1ubuntu0.1~esm2 Available with Ubuntu Pro php-seclib 1.0.1-3ubuntu0.1+esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7404-1 CVE-2021-30130, CVE-2023-52892, CVE-2024-27354, CVE-2024-27355 . Numerous patches addressing vulnerabilities in phpseclib have been released for various Ubuntu releases. Ensure your systems are up-to-date for improved security measures.. phpseclib security update, Ubuntu advisory, php libraries vulnerabilities. . LinuxSecurity.com Team

Calendar%202 Apr 02, 2025 Ubuntu
89

Fedora 40: FEDORA-2025-b38cbff99d critical: php-phpseclib issues

Security fix for CVE-2023-52892, CVE-2024-27354. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-b38cbff99d 2025-02-09 01:30:07.778621+00:00 -------------------------------------------------------------------------------- Name : php-phpseclib Product : Fedora 40 Version : 2.0.48 Release : 1.fc40 URL : https://github.com/phpseclib/phpseclib Summary : PHP Secure Communications Library Description : MIT-licensed pure-PHP implementations of an arbitrary-precision integer arithmetic library, fully PKCS#1 (v2.1) compliant RSA, DES, 3DES, RC4, Rijndael, AES, Blowfish, Twofish, SSH-1, SSH-2, SFTP, and X.509 -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2023-52892, CVE-2024-27354 -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 30 2025 Artur Frenszek-Iwicki - 2.0.48-1 - Update to v2.0.48 * Thu Jan 25 2024 Fedora Release Engineering - 2.0.44-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Sun Jan 21 2024 Fedora Release Engineering - 2.0.44-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2294674 - CVE-2023-52892 php-phpseclib: php-seclib: Incorrect allowed input via Subject Alternative Name fields [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2294674 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-b38cbff99d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. Moredetails on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: . Latest enhancements for php-phpseclib in Fedora 40 target urgent security vulnerabilities and essential patches.. phpseclib Security Fix, Fedora 40 Advisory, CVE 2023-52892 Update. . LinuxSecurity.com Team

Calendar%202 Feb 09, 2025 Fedora
197

Debian 10 Buster DLA-3749-1 Critical: phpseclib Denial of Service Threat

Security issues were discovered in phpseclib, a PHP library for arbitrary-precision integer arithmetic, which could lead to Denial of Service. . ------------------------------------------------------------------------- Debian LTS Advisory DLA-3749-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Guilhem Moulin March 05, 2024 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : phpseclib Version : 1.0.19-3~deb10u3 CVE ID : CVE-2024-27354 CVE-2024-27355 Security issues were discovered in phpseclib, a PHP library for arbitrary-precision integer arithmetic, which could lead to Denial of Service. CVE-2024-27354 An attacker can construct a malformed certificate containing an extremely large prime to cause a denial of service (CPU consumption for an `isPrime` primality check). This issue was introduced when attempting to fix CVE-2023-27560. CVE-2024-27355 When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of service (CPU consumption for `decodeOID`). For Debian 10 buster, these problems have been fixed in version 1.0.19-3~deb10u3. We recommend that you upgrade your phpseclib packages. For the detailed security status of phpseclib please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/phpseclib Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Debian LTS Advisory DLA-3750-1 tackles a security flaw in python-requests that necessitates prompt attention and update.. denial of service, phpseclib update, debian advisory. . LinuxSecurity.com Team

Calendar%202 Mar 05, 2024 Debian LTS
197

Debian 10: DLA-3719-1 critical: phpseclib Remote Access Risk

It was discovered that phpseclib, a PHP library for arbitrary-precision integer arithmetic, was vulnerable to the so-called Terrapin Attack. The SSH transport protocol with certain OpenSSH extensions, allows . ------------------------------------------------------------------------- Debian LTS Advisory DLA-3719-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Guilhem Moulin January 25, 2024 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : phpseclib Version : 1.0.19-3~deb10u2 CVE ID : CVE-2023-48795 It was discovered that phpseclib, a PHP library for arbitrary-precision integer arithmetic, was vulnerable to the so-called Terrapin Attack. The SSH transport protocol with certain OpenSSH extensions, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). For Debian 10 buster, this problem has been fixed in version 1.0.19-3~deb10u2. We recommend that you upgrade your phpseclib packages. For the detailed security status of phpseclib please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/phpseclib Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Debian LTS Advisory DLA-3719-1 addresses CVE-2023-48795 in phpseclib. Urgent update recommended for remote access security..phpseclib Security, Debian Update, Terrapin Attack. . LinuxSecurity.com Team

Calendar%202 Jan 25, 2024 Debian LTS
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is application sandboxing truly safe?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/155-is-application-sandboxing-truly-safe?task=poll.vote&format=json
155
radio
0
[{"id":500,"title":"Malware still escapes container walls.","votes":0,"type":"x","order":1,"pct":0,"resources":[]},{"id":501,"title":"Supply chains corrupt trusted packages.","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":502,"title":"Convenience consistently compromises strict security.","votes":1,"type":"x","order":3,"pct":100,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200