vulnerability

Debian: CVE-2016-1902: symfony -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:P/I:N/A:N)	May 29, 2016	May 30, 2016	Mar 2, 2020

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published

May 29, 2016

Added

May 30, 2016

Modified

Mar 2, 2020

Description

The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/random_compat library and the openssl_random_pseudo_bytes function fails, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors.

Solution

debian-upgrade-symfony

References

CVE-2016-1902
https://attackerkb.com/topics/CVE-2016-1902
DEBIAN-DSA-3588

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today