Paketname
php-suhosin
Datum
2011-11-28
Advisory ID
MDVSA-2011:180
Betroffene Versionen
MES5 i586 , 2010.1 i586 , 2011 x86_64 , 2011 i586 , MES5 x86_64 , 2010.1 x86_64

Problembeschreibung

A vulnerability was discovered and fixed in php-suhosin:

crypt_blowfish before 1.1, as used in suhosin does not properly
handle 8-bit characters, which makes it easier for context-dependent
attackers to determine a cleartext password by leveraging knowledge
of a password hash (CVE-2011-2483).

The updated packages have been patched to correct this issue.

Aktualisierte Pakete

MES5 i586

 43153149701d77e234344448a8480784  mes5/i586/php-suhosin-0.9.32.1-0.6mdvmes5.2.i586.rpm 
 db1c4e65c03a964c38b8d6001c246a81  mes5/SRPMS/php-suhosin-0.9.32.1-0.6mdvmes5.2.src.rpm

2010.1 i586

 d461e8204a5878c3def6a3c1af150d54  2010.1/i586/php-suhosin-0.9.32.1-0.6mdv2010.2.i586.rpm 
 e19262da680951dca92d1f26447c663f  2010.1/SRPMS/php-suhosin-0.9.32.1-0.6mdv2010.2.src.rpm

2011 x86_64

 aa2cc255aaba77139bef400eb22a8233  2011/x86_64/php-suhosin-0.9.32.1-9.1-mdv2011.0.x86_64.rpm 
 c3605cc71c0909260e4dcf98e3ea851c  2011/SRPMS/php-suhosin-0.9.32.1-9.1.src.rpm

2011 i586

 c5fbc571c0399fe39c9a688ed0aded61  2011/i586/php-suhosin-0.9.32.1-9.1-mdv2011.0.i586.rpm 
 c3605cc71c0909260e4dcf98e3ea851c  2011/SRPMS/php-suhosin-0.9.32.1-9.1.src.rpm

MES5 x86_64

 6a3cb09cdb742644bd37460d879f920e  mes5/x86_64/php-suhosin-0.9.32.1-0.6mdvmes5.2.x86_64.rpm 
 db1c4e65c03a964c38b8d6001c246a81  mes5/SRPMS/php-suhosin-0.9.32.1-0.6mdvmes5.2.src.rpm

2010.1 x86_64

 bb0555f1e35c39975260302b2f399041  2010.1/x86_64/php-suhosin-0.9.32.1-0.6mdv2010.2.x86_64.rpm 
 e19262da680951dca92d1f26447c663f  2010.1/SRPMS/php-suhosin-0.9.32.1-0.6mdv2010.2.src.rpm

Referenzen