Debian 9942 Published by

A php-phpseclib security update has been released for Debian GNU/Linux 9 Extended LTS to address an issue with RSA PKCS#1 v1.5 signature verification.



ELA-869-1 php-phpseclib security update

Package : php-phpseclib
Version : 2.0.4-1 (stretch)

Related CVEs :
CVE-2021-30130

It was discovered that php-phpseclib, a pure-PHP implementation of various cryptographic and arithmetic algorithms, mishandles RSA PKCS#1 v1.5 signature verification. An attacker may get invalid signatures accepted, bypassing authorization control in specific situations.

ELA-869-1 php-phpseclib security update