| Package | php7.0 |
|---|---|
| Version | 7.0.33-0+deb9u15 (stretch) |
| Related CVEs | CVE-2023-3247 |
Niels Dossche and Tim Düsterhus discovered that PHP’s implementation of the SOAP HTTP Digest authentication used an insufficient number of random bytes. This would affect PHP applications that use SOAP with HTTP Digest authentication against a possibly malicious server over HTTP.
For Debian 9 stretch, these problems have been fixed in version 7.0.33-0+deb9u15.
We recommend that you upgrade your php7.0 packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.