DaemonForums  

#1
20th August 2011
J65nko
Administrator

Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,128
PHP 5.3.7 update closes security holes

From http://h-online.com/-1326138

Quote:
The PHP developers have released PHP 5.3.7, a security and maintenance update to the stable branch of the PHP scripting language. Over ninety bug fixes have been applied, along with updates to the bundled Sqlite3 (to version 3.7.7.1) and PCRE (to version 8.12). The bug fixes resolve a number of crashing flaws when using track_errors, calling unknown function names, passing NULL to the DatePeriod constructor and many more. Full details of all the modifications are in the change log.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
#2
22nd August 2011
Carpetsmoker
Real Name: Martin
Tcpdump Spy

Join Date: Apr 2008
Location: Netherlands
Posts: 2,243

http://www.h-online.com/security/new...7-1327427.html

Quote:
The PHP developers have warned users not to upgrade to the latest stable branch release of the PHP scripting language due to a serious bug. In PHP 5.3.7, a security and maintenance update from last week, the crypt() function that is used to hash a string – typically a password – fails if an MD5 salt is given as an argument. In that case, instead of returning the hashed string, the function merely returns the salt itself.

The developers note that "DES and BLOWFISH salts work as expected". Until an update that fixes the bug is made available, the developers advise users not to upgrade to 5.3.7; version 5.3.8 is expected to arrive in the next "few days".
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
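
Added example, not part of the original thread or the PHP project's code: a small audit that flags stored MD5-crypt password values consisting of a salt with no digest, the symptom the quoted article describes for crypt() in PHP 5.3.7. The function names and sample rows are constructed for illustration, and since the article does not give the exact returned string, the check assumes the salt may appear with or without its trailing "$".

```python
import re

# MD5-crypt layout: "$1$" + salt (1-8 chars) + "$" + 22-char digest,
# all drawn from the crypt base64 alphabet ./0-9A-Za-z.
_B64 = r"[./0-9A-Za-z]"
_FULL_MD5 = re.compile(rf"\$1\${_B64}{{1,8}}\${_B64}{{22}}")
# Assumption: a salt-only value may or may not keep the trailing "$".
_SALT_ONLY = re.compile(rf"\$1\${_B64}{{1,8}}\$?")


def classify(stored):
    """Return 'ok', 'salt_only', 'malformed' or 'other_scheme' for one value."""
    if not stored.startswith("$1$"):
        return "other_scheme"  # DES and Blowfish salts are reported as unaffected
    if _FULL_MD5.fullmatch(stored):
        return "ok"
    if _SALT_ONLY.fullmatch(stored):
        return "salt_only"     # crypt() returned the salt instead of a hash
    return "malformed"


def audit(rows):
    """rows: iterable of (username, stored_value); returns users needing a reset."""
    return [user for user, stored in rows
            if classify(stored) in ("salt_only", "malformed")]


# Constructed sample rows (not real credentials).
SAMPLE = [
    ("alice", "$1$saltsalt$ABCDEFGHIJKLMNOPQRSTUV"),  # well-formed MD5-crypt shape
    ("bob", "$1$U7AjYB.O$"),                          # salt only, trailing "$"
    ("carol", "$1$U7AjYB.O"),                         # salt only, no trailing "$"
    ("dave", "$2a$07$constructedblowfishvalue"),      # different scheme, skipped
    ("erin", "$1$abc$tooshort"),                      # truncated digest
]

if __name__ == "__main__":
    for user in audit(SAMPLE):
        print(f"{user}: stored value has no usable MD5-crypt digest, force a reset")
```

Accounts flagged this way hold no password-derived data in the stored value, so the password has to be set again on a fixed PHP version rather than migrated.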
#3
22nd August 2011
graudeejs
Real Name: Aldis Berjoza
ISO Quartermaster

Join Date: Jul 2008
Location: Riga, Latvia
Posts: 589

I'm sick of php