Hi,

On Sat, 2016-02-20 at 10:59 -0400, David Prévot wrote:
> Hi,
>
> On 20/02/2016 10:25, Julien Cristau wrote:
> > Control: tags -1 moreinfo
> […]
> >> symfony (2.3.21+dfsg-4+deb8u3) jessie; urgency=medium
> >>
> >> [ Daniel Beyer ]
> >> * Backport a security fix from 2.3.37
> >> - SecureRandom's fallback not secure when OpenSSL fails [CVE-2016-1902]
> […]
> > Why have a fallback at all? When would openssl be expected to fail?
>
> Since php5 in Debian is built with openssl, my understanding is it would
> only be used on environments where it has been rebuilt with OpenSSL
> support turned off (I'm not sure one can deactivate it at run time, so
> openssl_random_pseudo_bytes() should always be available in a default
> Debian setup if I understood correctly).
>
> Daniel, can you confirm or provide more information about Julien's question?
>
From what I understand, it would not be enough to only remove the fallback and rely on openssl_random_pseudo_bytes(): this function might silently return weak random data, as stated in the design decisions [1] for the patched-in random_compat. Sadly this aspect is not mentioned by upstream for CVE-2016-1902 [2].

1: https://github.com/paragonie/random_compat/blob/master/ERRATA.md
2: http://symfony.com/blog/cve-2016-1902-securerandom-s-fallback-not-secure-when-openssl-fails

Greetings
Daniel
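The point above, that openssl_random_pseudo_bytes() can hand back bytes that are not cryptographically strong without raising an error, is the reason a caller has to check its second by-reference argument rather than trust the return value. The following is an added example written for this thread, not code from symfony, random_compat or the Debian package; the function name secure_random_bytes() is an assumption of the example. It fails closed instead of falling back: on PHP 7 and later it uses random_bytes(), which throws on failure; on older PHP it calls openssl_random_pseudo_bytes() and refuses the result unless OpenSSL reports it as strong and of the requested length.

```php
<?php
// Added example (not from the Debian thread, symfony or random_compat):
// a fail-closed wrapper around openssl_random_pseudo_bytes().
// Written without PHP 7 type hints so it also parses on php5.
function secure_random_bytes($length)
{
    if (!is_int($length) || $length < 1) {
        throw new InvalidArgumentException('length must be a positive integer');
    }

    // PHP 7+: the native CSPRNG throws an exception on failure instead of
    // returning weak data, so it is the preferred path when present.
    if (function_exists('random_bytes')) {
        return random_bytes($length);
    }

    // No OpenSSL extension: refuse to run rather than substitute a weak source.
    if (!function_exists('openssl_random_pseudo_bytes')) {
        throw new RuntimeException('No CSPRNG available (PHP built without OpenSSL)');
    }

    $strong = false;
    $bytes = openssl_random_pseudo_bytes($length, $strong);

    // $strong is set by OpenSSL; false means the output was produced by a
    // generator that is NOT cryptographically strong. Treat that, a false
    // return, or a short buffer as a hard failure.
    if ($bytes === false || $strong !== true || strlen($bytes) !== $length) {
        throw new RuntimeException('openssl_random_pseudo_bytes() did not return strong random bytes');
    }

    return $bytes;
}

// Usage: a 256-bit token, or an exception if no strong source is available.
// $token = bin2hex(secure_random_bytes(32));
```

The design choice is that a missing or weak randomness source is an error to surface, not a condition to paper over with a fallback generator; an application that needs unpredictable tokens is better off failing loudly than running on predictable ones.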