MDVSA-2011:180
- Package name
- php-suhosin
- Date
- 2011-11-28
- Advisory ID
- MDVSA-2011:180
- Affected versions
- MES5 i586 , 2010.1 i586 , 2011 x86_64 , 2011 i586 , MES5 x86_64 , 2010.1 x86_64
Problem description
A vulnerability was discovered and fixed in php-suhosin:
crypt_blowfish before 1.1, as used in suhosin does not properly
handle 8-bit characters, which makes it easier for context-dependent
attackers to determine a cleartext password by leveraging knowledge
of a password hash (CVE-2011-2483).
The updated packages have been patched to correct this issue.
Updated packages
MES5 i586
43153149701d77e234344448a8480784 mes5/i586/php-suhosin-0.9.32.1-0.6mdvmes5.2.i586.rpm db1c4e65c03a964c38b8d6001c246a81 mes5/SRPMS/php-suhosin-0.9.32.1-0.6mdvmes5.2.src.rpm
2010.1 i586
d461e8204a5878c3def6a3c1af150d54 2010.1/i586/php-suhosin-0.9.32.1-0.6mdv2010.2.i586.rpm e19262da680951dca92d1f26447c663f 2010.1/SRPMS/php-suhosin-0.9.32.1-0.6mdv2010.2.src.rpm
2011 x86_64
aa2cc255aaba77139bef400eb22a8233 2011/x86_64/php-suhosin-0.9.32.1-9.1-mdv2011.0.x86_64.rpm c3605cc71c0909260e4dcf98e3ea851c 2011/SRPMS/php-suhosin-0.9.32.1-9.1.src.rpm
2011 i586
c5fbc571c0399fe39c9a688ed0aded61 2011/i586/php-suhosin-0.9.32.1-9.1-mdv2011.0.i586.rpm c3605cc71c0909260e4dcf98e3ea851c 2011/SRPMS/php-suhosin-0.9.32.1-9.1.src.rpm
MES5 x86_64
6a3cb09cdb742644bd37460d879f920e mes5/x86_64/php-suhosin-0.9.32.1-0.6mdvmes5.2.x86_64.rpm db1c4e65c03a964c38b8d6001c246a81 mes5/SRPMS/php-suhosin-0.9.32.1-0.6mdvmes5.2.src.rpm
2010.1 x86_64
bb0555f1e35c39975260302b2f399041 2010.1/x86_64/php-suhosin-0.9.32.1-0.6mdv2010.2.x86_64.rpm e19262da680951dca92d1f26447c663f 2010.1/SRPMS/php-suhosin-0.9.32.1-0.6mdv2010.2.src.rpm