USN-7404-1

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/notices/USN-7404-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7404-1.json

JSON Data

https://api.osv.dev/v1/vulns/USN-7404-1

Related

Published

2025-04-02T01:35:46.382034Z

Modified

2025-04-02T01:35:46.382034Z

Summary

phpseclib vulnerabilities

Details

It was discovered that phpseclib did not correctly handle RSA PKCS#1 v1.5 signature verification. An attacker could possibly use this issue to bypass authentication. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-30130)

It was discovered that phpseclib did not correctly handle certain characters in certain TLS fields, which could lead to name confusion. An attacker could possibly use this issue to bypass authentication. (CVE-2023-52892)

It was discovered that phpseclib incorrectly limited the size of prime numbers generated by isPrime. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-27354)

It was discovered that phpseclib did not correctly handle processing the ASN.1 object identifier of a certificate. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2024-27355)

References

Affected packages

Ubuntu:Pro:16.04:LTS / php-phpseclib

Package

Name: php-phpseclib
Purl: pkg:deb/ubuntu/php-phpseclib@2.0.1-1ubuntu0.1~esm2?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.1-1ubuntu0.1~esm2

Affected versions

2.*

2.0.1-1

2.0.1-1build1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "2.0.1-1ubuntu0.1~esm2",
            "binary_name": "php-phpseclib"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / phpseclib

Package

Name: phpseclib
Purl: pkg:deb/ubuntu/phpseclib@1.0.1-3ubuntu0.1+esm1?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.1-3ubuntu0.1+esm1

Affected versions

0.*

0.3.10-3

1.*

1.0.0-2

1.0.0-3

1.0.1-1

1.0.1-3

1.0.1-3ubuntu0.1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "1.0.1-3ubuntu0.1+esm1",
            "binary_name": "php-seclib"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / php-phpseclib

Package

Name: php-phpseclib
Purl: pkg:deb/ubuntu/php-phpseclib@2.0.9-1ubuntu0.1~esm2?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.9-1ubuntu0.1~esm2

Affected versions

2.*

2.0.6-1

2.0.7-1

2.0.9-1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "2.0.9-1ubuntu0.1~esm2",
            "binary_name": "php-phpseclib"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / phpseclib

Package

Name: phpseclib
Purl: pkg:deb/ubuntu/phpseclib@1.0.9-1ubuntu0.1~esm1?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.9-1ubuntu0.1~esm1

Affected versions

1.*

1.0.7-1

1.0.8-1

1.0.9-1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "1.0.9-1ubuntu0.1~esm1",
            "binary_name": "php-seclib"
        }
    ]
}

Ubuntu:Pro:20.04:LTS / php-phpseclib

Package

Name: php-phpseclib
Purl: pkg:deb/ubuntu/php-phpseclib@2.0.23-2ubuntu0.1~esm2?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.23-2ubuntu0.1~esm2

Affected versions

2.*

2.0.21-2

2.0.23-2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "2.0.23-2ubuntu0.1~esm2",
            "binary_name": "php-phpseclib"
        }
    ]
}

Ubuntu:Pro:20.04:LTS / phpseclib

Package

Name: phpseclib
Purl: pkg:deb/ubuntu/phpseclib@1.0.18-2ubuntu0.1~esm1?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.18-2ubuntu0.1~esm1

Affected versions

1.*

1.0.16-2

1.0.18-2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "1.0.18-2ubuntu0.1~esm1",
            "binary_name": "php-seclib"
        }
    ]
}

Ubuntu:Pro:22.04:LTS / php-phpseclib

Package

Name: php-phpseclib
Purl: pkg:deb/ubuntu/php-phpseclib@2.0.36-1ubuntu0.1~esm2?arch=source&distro=esm-apps/jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.36-1ubuntu0.1~esm2

Affected versions

2.*

2.0.30-2ubuntu1

2.0.34-1

2.0.35-1

2.0.36-1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "2.0.36-1ubuntu0.1~esm2",
            "binary_name": "php-phpseclib"
        }
    ]
}

Ubuntu:Pro:22.04:LTS / php-phpseclib3

Package

Name: php-phpseclib3
Purl: pkg:deb/ubuntu/php-phpseclib3@3.0.13-1ubuntu0.1~esm1?arch=source&distro=esm-apps/jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.13-1ubuntu0.1~esm1

Affected versions

3.*

3.0.9-1

3.0.10-1

3.0.12-2

3.0.13-1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "3.0.13-1ubuntu0.1~esm1",
            "binary_name": "php-phpseclib3"
        }
    ]
}

Ubuntu:Pro:22.04:LTS / phpseclib

Package

Name: phpseclib
Purl: pkg:deb/ubuntu/phpseclib@1.0.20-1ubuntu0.1~esm1?arch=source&distro=esm-apps/jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.20-1ubuntu0.1~esm1

Affected versions

1.*

1.0.19-3ubuntu2

1.0.19-3ubuntu3

1.0.20-1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "1.0.20-1ubuntu0.1~esm1",
            "binary_name": "php-seclib"
        }
    ]
}