Debian 10261 Published by

A php7.0 security update has been released for Debian GNU/Linux 9 Extended LTS to address an issue with PHP's implementation of the SOAP HTTP Digest authentication.



ELA-873-1 php7.0 security update

Package : php7.0
Version : 7.0.33-0+deb9u15 (stretch)

Related CVEs :
CVE-2023-3247

Niels Dossche and Tim Düsterhus discovered that PHP’s implementation of the
SOAP HTTP Digest authentication used an insufficient number of random bytes.
This would affect PHP applications that use SOAP with HTTP Digest
authentication against a possibly malicious server over HTTP.

ELA-873-1 php7.0 security update