22nd August 2011
|
|
Tcpdump Spy
|
|
Join Date: Apr 2008
Location: Netherlands
Posts: 2,243
|
|
http://www.h-online.com/security/new...7-1327427.html
Quote:
The PHP developers have warned users not to upgrade to the latest stable branch release of the PHP scripting language due to a serious bug. In PHP 5.3.7, a security and maintenance update from last week, the crypt() function that is used to hash a string – typically a password – fails if an MD5 salt is given as an argument. In that case, instead of returning the hashed string, the function merely returns the salt itself.
The developers note that "DES and BLOWFISH salts work as expected". Until an update that fixes the bug is made available, the developers advise users not to upgrade to 5.3.7; version 5.3.8 is expected to arrive in the next "few days".
|
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
|