php5 security update

The blowfish password hashing implementation did not
properly handle 8-bit characters in passwords, which made it
easier for attackers to crack the hash (CVE-2011-2483).
After this update, existing hashes with id "$2a$" for
passwords that contain 8-bit characters will no longer be
compatible with newly generated hashes. Affected users must
either change their password so that a new hash is stored, or
the id of the existing hash must be manually changed to
"$2x$" in order to activate a compatibility mode. Please see the
description of the CVE-2011-2483 glibc update for details.
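One way an application can handle the "$2a$" to "$2x$" transition described above: verify against the stored hash first, fall back to the "$2x$" compatibility id only for passwords containing 8-bit characters, and on success re-hash under the corrected "$2y$" id. This is an added example, not code from this advisory or from PHP; it assumes PHP 5.3.7 or later (where crypt() knows "$2x$" and "$2y$") and that the caller can write the returned hash back to storage.

```php
<?php
// Added example, not code from the advisory or from PHP itself.
// Assumes PHP >= 5.3.7, where crypt() understands the "$2x$" compat
// identifier and the corrected "$2y$" identifier.

// True if the password contains any byte >= 0x80; only such passwords
// were hashed differently by the buggy implementation.
function has_8bit_chars($password) {
    return preg_match('/[\x80-\xff]/', $password) === 1;
}

// Constant-time comparison (hash_equals() only exists from PHP 5.6).
function hashes_equal($a, $b) {
    if (strlen($a) !== strlen($b)) {
        return false;
    }
    $diff = 0;
    for ($i = 0; $i < strlen($a); $i++) {
        $diff |= ord($a[$i]) ^ ord($b[$i]);
    }
    return $diff === 0;
}

// Returns false when the password does not match. Otherwise returns the
// hash to keep in storage: the unchanged one, or a fresh "$2y$" hash when
// the stored "$2a$" hash only matched through the "$2x$" compat mode.
function verify_and_migrate($password, $stored_hash) {
    // Normal path: the stored hash verifies under the fixed implementation.
    if (hashes_equal(crypt($password, $stored_hash), $stored_hash)) {
        return $stored_hash;
    }
    // Compat path: pre-update "$2a$" hash of a password with 8-bit
    // characters. "$2x$" makes crypt() reproduce the old, buggy result.
    if (substr($stored_hash, 0, 4) === '$2a$' && has_8bit_chars($password)) {
        $compat_hash = '$2x$' . substr($stored_hash, 4);
        if (hashes_equal(crypt($password, $compat_hash), $compat_hash)) {
            // Correct password: re-hash with the same cost under "$2y$" so
            // the weak hash is replaced and the compat path is not needed again.
            $cost = substr($stored_hash, 4, 2);
            $raw  = base64_encode(openssl_random_pseudo_bytes(16));
            $salt = '$2y$' . $cost . '$' . substr(str_replace('+', '.', $raw), 0, 22);
            return crypt($password, $salt);
        }
    }
    return false;
}
```

When the returned hash differs from the stored one, the caller should persist it so the "$2x$" fallback is only ever taken once per account.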

File uploads could potentially overwrite files owned by the
user running php (CVE-2011-2202).

A long salt argument to the crypt function could cause a
buffer overflow (CVE-2011-3268).

Incorrect implementation of the error_log function could
crash php (CVE-2011-3267).

Fixed bugs
bnc#699711: VUL-1: php5: File upload filename injection
bnc#701491: VUL-0: php5: crypt_blowfish: 8-bit character mishandling
bnc#709549: PHP5 http upload is limited to 2GB
bnc#715640: VUL-0: php5: error_log function denial of service
bnc#715646: VUL-0: php5: crypt function buffer overflow
CVE-2011-2483: crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by
CVE-2011-2202: The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite a
CVE-2011-3268: Buffer overflow in the crypt function in PHP before 5.3.7 allows context-dependent attackers to have an unspecified impact via a long salt argument, a different vulnerability than CVE-2011-2483.
CVE-2011-3267: PHP before 5.3.7 does not properly implement the error_log function, which allows context-dependent attackers to cause a denial of service (application crash) via unspecified vectors.