ELA-1050-1 php-phpseclib security update

Terrapin Attack

2024-02-29
Package: php-phpseclib
Version: 2.0.30-2~deb9u1 (stretch)
Related CVEs: CVE-2023-48795


The Terrapin attack is a cryptographic attack on the SSH protocol that reduces the security of an SSH connection through a downgrade carried out by a man-in-the-middle. By carefully adjusting the sequence numbers during the handshake, an attacker can remove an arbitrary number of messages sent by the client or server at the beginning of the secure channel without either side noticing.
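To check which side of a connection is still open to this handshake manipulation, the following added example (not part of the advisory and not phpseclib code) parses one peer's SSH_MSG_KEXINIT payload and reports whether it offers the affected cipher modes without advertising the strict key exchange countermeasure. The strict-KEX marker names and the list of affected modes (ChaCha20-Poly1305, CBC with Encrypt-then-MAC) are taken from the public Terrapin countermeasure, not from this page; `build_kexinit` only constructs sample input.

```python
import struct

SSH_MSG_KEXINIT = 20
# Order of the ten name-lists in SSH_MSG_KEXINIT (RFC 4253, section 7.1).
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")
# Assumption: pseudo-algorithm names used by the strict key exchange extension.
STRICT_MARKERS = {"kex-strict-c-v00@openssh.com", "kex-strict-s-v00@openssh.com"}

def parse_kexinit(payload: bytes) -> dict:
    """Split a KEXINIT payload into its name-lists, rejecting truncated input."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    offset, lists = 17, {}  # skip the message type byte and the 16-byte cookie
    for name in FIELDS:
        if offset + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (length,) = struct.unpack_from(">I", payload, offset)
        offset += 4
        if offset + length > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[offset:offset + length].decode("ascii")
        lists[name] = raw.split(",") if raw else []
        offset += length
    return lists

def terrapin_exposure(payload: bytes) -> dict:
    """Report affected modes and strict-KEX support offered by one peer."""
    lists = parse_kexinit(payload)
    ciphers = set(lists["enc_c2s"]) | set(lists["enc_s2c"])
    macs = set(lists["mac_c2s"]) | set(lists["mac_s2c"])
    etm = any(m.endswith("-etm@openssh.com") for m in macs)
    affected = sorted(c for c in ciphers
                      if c == "chacha20-poly1305@openssh.com"
                      or (c.endswith("-cbc") and etm))
    strict = bool(STRICT_MARKERS & set(lists["kex"]))
    # Strict KEX only takes effect when both peers advertise it, so run this
    # on the client's and the server's KEXINIT separately.
    return {"strict_kex": strict, "affected_modes": affected,
            "exposed": bool(affected) and not strict}

def build_kexinit(**lists) -> bytes:
    """Construct a sample KEXINIT payload (test data, not captured traffic)."""
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16)
    for name in FIELDS:
        data = ",".join(lists.get(name, [])).encode("ascii")
        body += struct.pack(">I", len(data)) + data
    return body + b"\x00" + struct.pack(">I", 0)
```

An `exposed` result means the peer offers an affected mode, not that the mode was negotiated; removing those modes from the configuration or upgrading both endpoints closes the gap.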



For Debian 9 stretch, these problems have been fixed in version 2.0.30-2~deb9u1.

We recommend that you upgrade your php-phpseclib packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.