Mangelnde Prüfung von Signaturen in php-phpseclib
ID: | FEDORA-2021-26bc109028 |
Distribution: | Fedora |
Plattformen: | Fedora 32 |
Datum: | Fr, 16. April 2021, 00:11 |
Referenzen: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30130 |
Applikationen: | php-phpseclib |
Originalnachricht |
|
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2021-26bc109028 2021-04-15 14:53:31.655567 -------------------------------------------------------------------------------- Name : php-phpseclib Product : Fedora 32 Version : 2.0.31 Release : 1.fc32 URL : https://github.com/phpseclib/phpseclib Summary : PHP Secure Communications Library Description : MIT-licensed pure-PHP implementations of an arbitrary-precision integer arithmetic library, fully PKCS#1 (v2.1) compliant RSA, DES, 3DES, RC4, Rijndael, AES, Blowfish, Twofish, SSH-1, SSH-2, SFTP, and X.509 -------------------------------------------------------------------------------- Update Information: **Version 2.0.31** - 2021-04-06 - X509: always parse the first cert of a bundle (#1568) - SSH2: behave like putty with broken publickey auth (#1572) - SSH2: don't close channel on unexpected response to channel request (#1631) - RSA: support keys with PSS algorithm identifier (#1584) - RSA: cleanup RSA PKCS#1 v1.5 signature verification (CVE-2021-30130) - SFTP/Stream: make it so you can write past the end of a file (#1618) - SFTP: fix undefined index notice in stream touch() (#1615) - SFTP: digit only filenames were converted to integers by php (#1623) - BigInteger: fix issue with toBits on 32-bit PHP 8 installs - Crypt: use a custom error handler for mcrypt to avoid deprecation errors -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 6 2021 Remi Collet |