What is the severity of USN-7404-1?

The severity of USN-7404-1 is considered to be high due to potential authentication bypass vulnerabilities.

How do I fix USN-7404-1?

To fix USN-7404-1, ensure you upgrade to the corresponding patched versions of phpseclib for your Ubuntu release.

Which versions of phpseclib are affected by USN-7404-1?

USN-7404-1 affects phpseclib versions prior to the patched versions listed in the advisory for Ubuntu 20.04 LTS.

If I am using Ubuntu 20.04 LTS, what should I do regarding USN-7404-1?

If you are using Ubuntu 20.04 LTS, you need to update phpseclib to the versions specified in the USN-7404-1 notice.

Is USN-7404-1 specific to any Ubuntu versions?

Yes, USN-7404-1 specifically affects Ubuntu 20.04 LTS.

Vulnerability/
USN-7404-1

2/4/2025

USN-7404-1: phpseclib vulnerabilities

First published: Wed Apr 02 2025(Updated: )

It was discovered that phpseclib did not correctly handle RSA PKCS#1 v1.5 signature verification. An attacker could possibly use this issue to bypass authentication. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-30130) It was discovered that phpseclib did not correctly handle certain characters in certain TLS fields, which could lead to name confusion. An attacker could possibly use this issue to bypass authentication. (CVE-2023-52892) It was discovered that phpseclib incorrectly limited the size of prime numbers generated by isPrime. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-27354) It was discovered that phpseclib did not correctly handle processing the ASN.1 object identifier of a certificate. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2024-27355)

Affected Software	Affected Version	How to fix
All of
ubuntu/php-phpseclib	<2.0.36-1ubuntu0.1~esm2	2.0.36-1ubuntu0.1~esm2
Ubuntu	=22.04
All of
ubuntu/php-phpseclib3	<3.0.13-1ubuntu0.1~esm1	3.0.13-1ubuntu0.1~esm1
Ubuntu	=22.04
All of
ubuntu/php-seclib	<1.0.20-1ubuntu0.1~esm1	1.0.20-1ubuntu0.1~esm1
Ubuntu	=22.04
All of
ubuntu/php-phpseclib	<2.0.23-2ubuntu0.1~esm2	2.0.23-2ubuntu0.1~esm2
Ubuntu	=20.04
All of
ubuntu/php-seclib	<1.0.18-2ubuntu0.1~esm1	1.0.18-2ubuntu0.1~esm1
Ubuntu	=20.04
All of
ubuntu/php-phpseclib	<2.0.9-1ubuntu0.1~esm2	2.0.9-1ubuntu0.1~esm2
Ubuntu	=18.04
All of
ubuntu/php-seclib	<1.0.9-1ubuntu0.1~esm1	1.0.9-1ubuntu0.1~esm1
Ubuntu	=18.04
All of
ubuntu/php-phpseclib	<2.0.1-1ubuntu0.1~esm2	2.0.1-1ubuntu0.1~esm2
Ubuntu	=16.04
All of
ubuntu/php-seclib	<1.0.1-3ubuntu0.1+esm1	1.0.1-3ubuntu0.1+esm1
Ubuntu	=16.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the severity of USN-7404-1?
The severity of USN-7404-1 is considered to be high due to potential authentication bypass vulnerabilities.
How do I fix USN-7404-1?
To fix USN-7404-1, ensure you upgrade to the corresponding patched versions of phpseclib for your Ubuntu release.
Which versions of phpseclib are affected by USN-7404-1?
USN-7404-1 affects phpseclib versions prior to the patched versions listed in the advisory for Ubuntu 20.04 LTS.
If I am using Ubuntu 20.04 LTS, what should I do regarding USN-7404-1?
If you are using Ubuntu 20.04 LTS, you need to update phpseclib to the versions specified in the USN-7404-1 notice.
Is USN-7404-1 specific to any Ubuntu versions?
Yes, USN-7404-1 specifically affects Ubuntu 20.04 LTS.

collector/usn
source/Ubuntu
agent/software-canonical-lookup
agent/title
agent/last-modified-date
agent/references
agent/source
agent/softwarecombine
agent/tags
agent/type
agent/description
agent/first-publish-date
agent/event
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu
version/ubuntu/22.04
version/ubuntu/20.04
version/ubuntu/18.04
version/ubuntu/16.04