DSA-3588-1 symfony -- symfony
ID: oval:org.secpod.oval:def:602518 | Date: (C)2016-06-02 (M)2021-06-02 | Class: PATCH | Family: unix
Two vulnerabilities were discovered in Symfony, a PHP framework.

CVE-2016-1902: Lander Brandt discovered that the class SecureRandom might generate weak random numbers for cryptographic use under certain settings. If the functions random_bytes or openssl_random_pseudo_bytes are not available, the output of SecureRandom should not be considered secure.

CVE-2016-4423: Marek Alaksa from Citadelo discovered that it is possible to fill up the session storage space by submitting nonexistent large usernames.