Fedora Account System
Red Hat Associate
Red Hat Customer
The random byte generation function used in the SOAP HTTP Digest authentication code is not checked for failure. This can result in a stack information leak. Furthermore, there's an insufficient number of random bytes used. https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw
Created php tracking bugs for this issue: Affects: fedora-all [bug 2219296]
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:5926 https://access.redhat.com/errata/RHSA-2023:5926
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:5927 https://access.redhat.com/errata/RHSA-2023:5927
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:0387 https://access.redhat.com/errata/RHSA-2024:0387
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:10952 https://access.redhat.com/errata/RHSA-2024:10952