Threadpost reports that the maintainers of the PHP scripting language are warning users about a serious crypto problem in the latest release and advising them not to upgrade to PHP 5.3.7 until the bug is resolved. PHP 5.3.7 was just released last week and that version contained fixes for a slew of security vulnerabilities. But now a serious flaw has been found in that new release that is related to the way that one of the cryptographic functions handles inputs. In some cases, when the crypt() function is called using MD5 salts, the function will return only the salt value instead of the salted hash value. The problem does not occur when using Blowfish or DES, only with MD5. The initial bug report on the problem in the PHP system appeared Aug. 17, the day before the public stable release of PHP 5.3.7.
Archives
-
▼
2011
(171)
-
▼
August
(31)
- Open-frame panel PCs target ATMs, kiosks
- Arch Linux moves up to Linux 3.0
- Fujitsu's Android tablet is ready for bathtub readers
- Galaxy line gains four new Android 2.3 phones, new...
- Vehicle PC's claimed to boot in five seconds
- Embedded controller's manageable even without OS i...
- PHP 5.3.8 Packages for Debian 6.0
- First NFC-ready Android tablets debut
- Serious Crypto Bug Found in PHP 5.3.7
- Kloxo 6.1.7 pre-release available
- PlayOnLinux 4.0 released
- Linux founder Torvalds takes a swipe at ARM
- GNOME-Designer Jon McCann about the future of GNOME3
- Xen Cloud Platform (XCP) - Review & tutorial
- Acer releases seven-inch Android 3.2 tablet for $330
- ATX board offers RAID, Sandy Bridge Core processors
- Mini-ITX board has quad-core Xeon, RAID support
- Compact Atom PC's easy to hide away
- The IBM PC's birthday, vacuum tubes, and why table...
- CompatDB Updates 08/12/11
- Thunderbird Confirmed as Default Mail App For Ubun...
- Squirrelmail security update for Debian
- Installing Dovecot and Squirrelmail in CentOS & Sc...
- Firefox 6.0 Beta 5 released
- Up to a million Android users affected by malware,...
- Huawei serves up a curvy Gingerbread phone
- Linus Torvalds Not a Fan of Gnome 3
- LibreOffice 3.4.2 released
- Kernel Update for RHEL 6
- Installing Subversion & Enabling Access Via Differ...
- Mesa 7.11 Brings Much-Needed Linux Graphics Driver...
-
▼
August
(31)