In association with heise online

« previous | next »
22 August 2011, 13:44

PHP users warned not to upgrade to 5.3.7

PHP Logo The PHP developers have warned users not to upgrade to the latest stable branch release of the PHP scripting language due to a serious bug. In PHP 5.3.7, a security and maintenance update from last week, the crypt() function that is used to hash a string – typically a password – fails if an MD5 salt is given as an argument. In that case, instead of returning the hashed string, the function merely returns the salt itself.

The developers note that "DES and BLOWFISH salts work as expected". Until an update that fixes the bug is made available, the developers advise users not to upgrade to 5.3.7; version 5.3.8 is expected to arrive in the next "few days".

Update 24-08-11: PHP 5.3.8 has now been released.

(crve)

Add your comment

« previous | next »
Print Version | Send by email | Permalink: http://h-online.com/-1327427

Also on The H:

  • Share this article
  • Twitter
  • Facebook
  • digg this
  • submit to slashdot
  • post to delicious
  • StumbleUpon
  • submit to reddit
The H Open Headlines

Price Insight Top 10 powered by Skinflint

  1. Samsung SSD 830 Series 128GB
  2. Samsung SSD 830 Series 256GB
  3. Samsung SSD 830 Series Desktop Upgrade Kit 256GB
  4. Intel Core i5-3570K
  5. Samsung Galaxy S3 i9300 16GB blau
  6. Crucial m4 SSD 128GB
  7. Gigabyte GeForce GTX 670 OC
  8. Palit GeForce GTX 670
  9. Diablo 3 (deutsch)
  10. Samsung Galaxy Nexus i9250 16GB silber

The H

The H open source

The H Security

The H Internet Toolkit