Debian Security Advisory 3402-1

Debian Security Advisory 3402-1: Posted Nov 24, 2015; Authored by Debian | Site debian.org; Debian Linux Security Advisory 3402-1 - Several vulnerabilities have been discovered in symfony, a framework to create websites and web applications.; tags | advisory, web, vulnerability; systems | linux, debian; advisories | CVE-2015-8124, CVE-2015-8125; SHA-256 | ff3dbe67d87758463ba6a81b35d259e61d5c04ec87f0c71acbd9647d9057be87; Download | Favorite | View

Debian Security Advisory 3402-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3402-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
November 24, 2015                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : symfony
CVE ID         : CVE-2015-8124 CVE-2015-8125

Several vulnerabilities have been discovered in symfony, a framework to
create websites and web applications. The Common Vulnerabilities and
Exposures project identifies the following problems:

CVE-2015-8124

    The RedTeam Pentesting GmbH team discovered a session fixation
    vulnerability within the "Remember Me" login feature, allowing an
    attacker to impersonate the victim towards the web application if
    the session id value was previously known to the attacker.

CVE-2015-8125

    Several potential remote timing attack vulnerabilities were
    discovered in classes from the Symfony Security component and in the
    legacy CSRF implementation from the Symfony Form component.

For the stable distribution (jessie), these problems have been fixed in
version 2.3.21+dfsg-4+deb8u2.

For the unstable distribution (sid), these problems have been fixed in
version 2.7.7+dfsg-1.

We recommend that you upgrade your symfony packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJWVKi+AAoJEAVMuPMTQ89E/UQP/jA1DKuStKYdEkF+TLSpufUX
UgpvC7Lzlios0KXIzL0OSqqxzIRNG8T5do4vtJs4V6Cnjov29SbmetV10G/v41gA
hYa+ikDCEAW0BGAHD9MjZcmnU7y8e7vryAtBwLlN+LDlXUDbmUl4QdTrzgVmH0+E
qAdB7/3CVoNRNkwNBFNFKTAdo3Dp3HtyYbYSsu9WNNPlgFjYetHoM9hMBtuNGXol
mjmHxKjxkGVkMDECwzCM8qrypk8vsjhevqHdVq0bbE9vmaqJONQv3RwIHC0WazHD
B6OMMJK2mdyYmixJGHAHeQ3D4Z6E8cbgu5pz7AMOHqkT16tiv0oFTPmaWLzoXE/A
t4MpzxE2bGvRUyMGOxlxRrrRZxnSMpHGkgP3Yk9e+Qw0YrMQJ2XwhTg/28DALSP1
htBz0Ley3NXluheMM6OYMuEYJeCoR7D81LHGXwCV50u7de4xyk4jfLWgj6mKAvew
nuUPsFexADZzl2KBzp8TZOjlgXZCnyuWcqu4bErRBgtgjLe+AYSYVcCgRgg/CSUt
LSCHnMe3dyi7tHW03a2/1n2TmmQT+NDoD/cCkkM1fTIJIJZegw2sHaTpo8uZxKAl
UAubzHlFtfMyJ4G99TgAnJs6Ngfv7/jBXdqmOzOCMOrLeANfj+Pl3lJWC4AV5Dv+
fBOEs836cTYiowDT0aeS
=BQcE
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 232 files
Ubuntu 59 files
Debian 27 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,318)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,567)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,456)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

Debian Security Advisory 3402-1

Debian Security Advisory 3402-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 3402-1

Share This

Debian Security Advisory 3402-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems