A php-phpseclib security update has been released for Debian GNU/Linux 9 Extended LTS to address an issue with RSA PKCS#1 v1.5 signature verification.
ELA-869-1 php-phpseclib security update
Package : php-phpseclib
Version : 2.0.4-1 (stretch)
Related CVEs : CVE-2021-30130
It was discovered that php-phpseclib, a pure-PHP implementation of various cryptographic and arithmetic algorithms, mishandles RSA PKCS#1 v1.5 signature verification. An attacker may get invalid signatures accepted, bypassing authorization control in specific situations.