Security News

Cybersecurity news aggregator

🐧
MEDIUM Updates Debian Security

DSA-6185-1 phpseclib - security update

cve-2026-32935debiancve-2023-52892
  • What: Security update for phpseclib
  • Impact: Addresses padding oracle timing attack in AES-CBC implementation
Read Full Article →

[SECURITY] [DSA 6185-1] phpseclib security update To : debian-security-announce@lists.debian.org Subject : [SECURITY] [DSA 6185-1] phpseclib security update From : Moritz Muehlenhoff < jmm@debian.org > Date : Sun, 29 Mar 2026 18:54:31 +0000 Message-id : < [🔎] acl1Z7YqXFSB326V@seger.debian.org > Reply-to : debian-security-announce-request@lists.debian.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6185-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff March 29, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : phpseclib CVE ID : CVE-2026-32935 It was discovered that the AES-CBC implementation in the PHP Secure Communications Library was susceptible to a padding oracle timing attack. For the oldstable distribution (bookworm), these problems have been fixed in version 1.0.20-1+deb12u3. This update also fixes CVE-2023-52892. For the stable distribution (trixie), these problems have been fixed in version 1.0.23-6+deb13u1. We recommend that you upgrade your phpseclib packages. For the detailed security status of phpseclib please refer to its security tracker page at: https://security-tracker.debian.org/tracker/phpseclib Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmnJdR8ACgkQEMKTtsN8 Tjbj0BAAhDikiKe8HvGCmZ/RpP4JrI2y8n41+sChqmYDsHJ4ifJfoVwB10csw2gu r4OkLb53RdvbnrX4zEjV5IBefv4jw5DiYxwP9zXUovc9Zs4Z3mJR6+iHfvDlOFfw 3RP6kDEFJ8VQgB1MrfDyqROtKsBXyCFyD5SUdS72BDCyVgCo2XzvL0huuWfdL65u PSBVVueOZ7tzlKGbuwPTXZqbFkNKmQlIm3TI5CfQz+W3kbZug7TJsRNda/Z19xzr 3Job9M1Aju/FLKCkmTNfZgWDQ/VScn+MZlRZcLhkLu2XpY7J4VnJVHwoB4j2PhEh vm9g/Lby8fe4j4WNPk5ZzPTvwN0xM1w4Xi5nGJUhMeUEBkDNqlTpDsUjIrVNDCbK zvLpkbBvgVHeBoiyRxOq3wyzDlCg6iOhfWTKl8h5EP4UF+GMMTc8kzwqZuEt6jqR ieBJ1kGwaA31egqnbAjAbSK9gsCNQmuLsQKVnUNkuEPfFZvxGHq/7EABxedj/5px J7pKk58E8++C7BINP2SRnRsPE+yx/lIdFoB2sQ4BX+JMQ0ECZOmxdCsAU0g6or0C RdmGS9wToURTeOa/IXFK4g6DTmvZ95eyZAZ67dnP/Xs/g1AFWUvXY+2F0cGjOXa6 YFOUw9HGpH5iDXlIBseFaY/6cZy3Emeo7+Sy5oqg4T9dfEwyOP8= =uJnp -----END PGP SIGNATURE----- Reply to: debian-security-announce@lists.debian.org Moritz Muehlenhoff (on-list) Moritz Muehlenhoff (off-list) Prev by Date: [SECURITY] [DSA 6184-1] incus security update Next by Date: [SECURITY] [DSA 6186-1] php-phpseclib security update Previous by thread: [SECURITY] [DSA 6184-1] incus security update Next by thread: [SECURITY] [DSA 6186-1] php-phpseclib security update Index(es): Date Thread

Related Articles

MEDIUM DSA-6187-1 php-phpseclib3 - security update Debian Security MEDIUM DSA-6186-1 php-phpseclib - security update Debian Security
Read Full Article → ← Back to News

Share this article

Twitter Facebook LinkedIn