Lucene search
GoogleOSV:DSA-3588-1HistoryMay 29, 2016 - 12:00 a.m.
symfony - security update
2016-05-2900:00:00
Google
osv.dev
7
0.01 Low
EPSS
Percentile
84.0%
Two vulnerabilities were discovered in Symfony, a PHP framework.
- CVE-2016-1902
Lander Brandt discovered that the class SecureRandom might generate
weak random numbers for cryptographic use under certain settings. If
the functions random_bytes() or openssl_random_pseudo_bytes() are not
available, the output of SecureRandom should not be consider secure. - CVE-2016-4423
Marek Alaksa from Citadelo discovered that it is possible to fill up
the session storage space by submitting inexistent large usernames.
For the stable distribution (jessie), these problems have been fixed in
version 2.3.21+dfsg-4+deb8u3.
For the testing distribution (stretch), these problems have been fixed
in version 2.8.6+dfsg-1.
For the unstable distribution (sid), these problems have been fixed in
version 2.8.6+dfsg-1.
We recommend that you upgrade your symfony packages.
| CPE | Name | Operator | Version |
|---|---|---|---|
| symfony | eq | 2.3.21+dfsg-4+deb8u2 | |
| symfony | eq | 2.3.21+dfsg-4 | |
| symfony | eq | 2.3.21+dfsg-4+deb8u1 |
References
Related
debian
debian
[SECURITY] [DSA 3588-1] symfony security update
2016-05-29 17:53:59
[SECURITY] [DSA 3588-1] symfony security update
2016-05-29 17:53:59
nessus
nessus
Debian DSA-3588-1 : symfony - security update
2016-05-31 00:00:00
openvas
openvas
Debian Security Advisory DSA 3588-1 (symfony - security update)
2016-05-29 00:00:00
Debian: Security Advisory (DSA-3588-1)
2016-05-28 00:00:00
friendsofphp
friendsofphp
CVE-2016-4423: Large username storage in session
2016-05-09 21:13:10
CVE-2016-4423: Large username storage in session
2016-05-09 21:13:10
CVE-2016-4423: Large username storage in session
2016-05-09 21:13:10
nvd
nvd
CVE-2016-4423
2016-06-01 22:59:02
CVE-2016-1902
2016-06-01 22:59:01
cvelist
cvelist
CVE-2016-4423
2016-06-01 22:00:00
CVE-2016-1902
2016-06-01 22:00:00
debiancve
debiancve
CVE-2016-4423
2016-06-01 22:59:02
CVE-2016-1902
2016-06-01 22:59:01
prion
prion
Authentication flaw
2016-06-01 22:59:00
Design/Logic Flaw
2016-06-01 22:59:00
veracode
veracode
Denial Of Service (DoS)
2017-07-26 21:16:09
Insecure Psuedo-Random Number Generation (PRNG)
2017-07-26 03:08:08
symfony
symfony
CVE-2016-4423: Large username storage in session
2016-05-09 00:00:00
CVE-2016-1902: SecureRandom's fallback not secure when OpenSSL fails
2016-01-18 00:00:00
osv
osv
Symphony Denial of Service Via Overlong Usernames
2022-05-17 03:54:47
Symfony Cryptographic Vulnerability
2022-05-17 03:54:47
github
github
Symphony Denial of Service Via Overlong Usernames
2022-05-17 03:54:47
Symfony Cryptographic Vulnerability
2022-05-17 03:54:47
cve
cve
CVE-2016-4423
2016-06-01 22:59:02
CVE-2016-1902
2016-06-01 22:59:01
ubuntucve
ubuntucve
CVE-2016-4423
2016-06-01 00:00:00
CVE-2016-1902
2016-06-01 00:00:00