Package | phpseclib |
---|---|
Version | 1.0.19-1~deb9u2 (stretch) |
Related CVEs | CVE-2023-48795 |
phpseclib, a library for secure communication written in PHP, was vulnerable to the so-called Terrapin attack. The SSH transport protocol, with certain OpenSSH extensions, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled.
For Debian 9 stretch, these problems have been fixed in version 1.0.19-1~deb9u2.
We recommend that you upgrade your phpseclib packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.
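
A defender-side check for the exposure described above, as an added example (not part of the advisory and not phpseclib code): it applies the SSH negotiation rule to two sets of KEXINIT name-lists and reports whether the resulting connection uses a Terrapin-affected mode without the strict key exchange countermeasure. The affected modes and the `kex-strict-*` markers are taken from the public Terrapin disclosure and OpenSSH rather than from this page; the sample lists are constructed and the helper names are hypothetical.

```python
# Added example: audit SSH KEXINIT name-lists for Terrapin (CVE-2023-48795) exposure.
# Algorithm names are real OpenSSH identifiers; the sample lists are constructed.
STRICT_CLIENT = "kex-strict-c-v00@openssh.com"   # strict KEX marker sent by clients
STRICT_SERVER = "kex-strict-s-v00@openssh.com"   # strict KEX marker sent by servers
CHACHA = "chacha20-poly1305@openssh.com"
ETM_SUFFIX = "-etm@openssh.com"


def negotiate(client_list, server_list):
    """RFC 4253 section 7.1: first client preference the server also supports."""
    return next((alg for alg in client_list if alg in server_list), None)


def terrapin_audit(client, server):
    """Report whether this client/server pair ends up exposed (hypothetical helper)."""
    cipher = negotiate(client["enc"], server["enc"])
    mac = negotiate(client["mac"], server["mac"])
    cbc_etm = bool(cipher and mac and cipher.endswith("-cbc") and mac.endswith(ETM_SUFFIX))
    affected_mode = cipher == CHACHA or cbc_etm
    # Strict KEX only takes effect when both peers advertise their marker.
    strict = STRICT_CLIENT in client["kex"] and STRICT_SERVER in server["kex"]
    return {"cipher": cipher, "mac": mac, "affected_mode": affected_mode,
            "strict_kex": strict, "exposed": affected_mode and not strict}


# Constructed name-lists (one direction only, for brevity).
SERVER = {"kex": ["curve25519-sha256", STRICT_SERVER],
          "enc": [CHACHA, "aes256-ctr", "aes256-cbc"],
          "mac": ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"]}
OLD_CLIENT = {"kex": ["curve25519-sha256"],
              "enc": [CHACHA, "aes256-ctr"],
              "mac": ["hmac-sha2-256"]}
CBC_CLIENT = {"kex": ["curve25519-sha256"],
              "enc": ["aes256-cbc"],
              "mac": ["hmac-sha2-256-etm@openssh.com"]}
CTR_CLIENT = {"kex": ["curve25519-sha256"],
              "enc": ["aes256-ctr"],
              "mac": ["hmac-sha2-256"]}
FIXED_CLIENT = dict(OLD_CLIENT, kex=["curve25519-sha256", STRICT_CLIENT])

if __name__ == "__main__":
    for name, client in [("old", OLD_CLIENT), ("cbc-etm", CBC_CLIENT),
                         ("ctr-only", CTR_CLIENT), ("fixed", FIXED_CLIENT)]:
        print(name, terrapin_audit(client, SERVER))
```

A pair is reported as exposed only when an affected mode is negotiated and at least one side does not advertise its strict KEX marker, so upgrading only one endpoint does not change the result.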