php5 security update

The blowfish password hashing implementation did not
properly handle 8-bit characters in passwords, which made it
easier for attackers to crack the hash (CVE-2011-2483).
After this update existing hashes with id "$2a$" for
passwords that contain 8-bit characters will no longer be
compatible with newly generated hashes. Affected users will
either have to change their password to store a new hash or
the id of the existing hash has to be manually changed to
"$2x$" in order to activate a compat mode. Please see the
description of the CVE-2011-2483 glibc update for details.
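
One way to apply the "$2x$" compat mode at login time instead of editing stored hashes by hand, shown as an added example that is not part of this advisory or of php5 itself. The function names, the result strings and the save_hash() callback are hypothetical, and openssl_random_pseudo_bytes() assumes the openssl extension is loaded.

```php
<?php
// Added example (not from the advisory). Names are hypothetical.

// Length-checked comparison that does not stop at the first differing byte.
function same_hash($a, $b)
{
    if (!is_string($a) || !is_string($b) || strlen($a) !== strlen($b)) {
        return false;
    }
    $diff = 0;
    for ($i = 0; $i < strlen($a); $i++) {
        $diff |= ord($a[$i]) ^ ord($b[$i]);
    }
    return $diff === 0;
}

// Returns 'ok', 'fail', or 'ok_legacy'. On 'ok_legacy' the password matched
// only in "$2x$" compat mode and $newHash holds the hash to store instead.
function verify_after_update($password, $stored, &$newHash = null)
{
    $newHash = null;
    if (same_hash(crypt($password, $stored), $stored)) {
        return 'ok';                       // ASCII password or post-update hash
    }
    // Only old "$2a$" hashes of passwords containing 8-bit bytes can differ.
    if (strncmp($stored, '$2a$', 4) !== 0
        || preg_match('/[\x80-\xFF]/', $password) !== 1) {
        return 'fail';
    }
    $compat = '$2x$' . substr($stored, 4); // same cost and salt, compat id
    if (!same_hash(crypt($password, $compat), $compat)) {
        return 'fail';
    }
    // Re-hash with the corrected "$2a$" code: same cost, fresh 22-char salt.
    $raw  = openssl_random_pseudo_bytes(16);
    $salt = substr(str_replace('+', '.', base64_encode($raw)), 0, 22);
    $candidate = crypt($password, '$2a$' . substr($stored, 4, 2) . '$' . $salt);
    if (is_string($candidate) && strlen($candidate) === 60) {
        $newHash = $candidate;
    }
    return 'ok_legacy';
}

// Usage with a hypothetical save_hash() callback:
// $r = verify_after_update($_POST['password'], $row['hash'], $new);
// if ($r === 'ok_legacy' && $new !== null) { save_hash($row['id'], $new); }
```

Replacing the stored hash on 'ok_legacy' moves each affected account off the compat mode the first time its owner logs in.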

File uploads could potentially overwrite files owned by the
user running php (CVE-2011-2202).

A long salt argument to the crypt function could cause a
buffer overflow (CVE-2011-3268).

Incorrect implementation of the error_log function could
crash php (CVE-2011-3267).

Fixed bugs

bnc#699711 - VUL-1: php5: File upload filename injection
bnc#701491 - VUL-0: php5: crypt_blowfish: 8-bit character mishandling
bnc#715640 - VUL-0: php5: error_log function denial of service
bnc#715646 - VUL-0: php5: crypt function buffer overflow