File _patchinfo of Package patchinfo.import5113

<patchinfo incident="apache2-mod_php5" version="5113">
  <issue tracker="bnc" id="699711" />
  <issue tracker="bnc" id="701491" />
  <issue tracker="bnc" id="709549" />
  <issue tracker="bnc" id="715640" />
  <issue tracker="bnc" id="715646" />
  <issue tracker="CVE" id="CVE-2011-2483" />
  <issue tracker="CVE" id="CVE-2011-2202" />
  <issue tracker="CVE" id="CVE-2011-3268" />
  <issue tracker="CVE" id="CVE-2011-3267" />
  <category>security</category>
  <rating>low</rating>
  <summary>php5 security update</summary>
  <description>The blowfish password hashing implementation did not
properly handle 8-bit characters in passwords, which made it
easier for attackers to crack the hash (CVE-2011-2483).
After this update existing hashes with id &quot;$2a$&quot; for
passwords that contain 8-bit characters will no longer be
compatible with newly generated hashes. Affected users will
either have to change their password to store a new hash or
the id of the existing hash has to be manually changed to
&quot;$2x$&quot; in order to activate a compat mode. Please see the
description of the CVE-2011-2483 glibc update for details.

File uploads could potentially overwrite files owned by the
user running php (CVE-2011-2202).

A long salt argument to the crypt function could cause a
buffer overflow (CVE-2011-3268).

An incorrect implementation of the error_log function could
crash php (CVE-2011-3267).
</description>
  <packager>adrianSuSE</packager>
</patchinfo>