December 8, 2016

PHP 5.3.8 Released With Fix for Crypt() Bug

A few days ago the PHP project released PHP 5.3.7 with over 90 bug fixes, some of them security related. However, it was quickly discovered that there should have been 91 bugs fixed in 5.3.7, as the crypt() function wasn't working correctly: if crypt() is executed with MD5 salts, the return value consists of the salt only. DES and BLOWFISH salts worked as expected.

Now PHP 5.3.8 has been released to remedy this. The only other change is a backpedal on some timeout handling: the change caused mysqlnd SSL connections to hang, so 5.3.8 restores the PHP 5.3.6 behavior.

For a full list of changes in PHP 5.3.8, see the ChangeLog. For source downloads, please visit our downloads page; Windows binaries can be found on windows.php.net/download/.

One of the big security-related changes in 5.3.7 was the update of crypt_blowfish to 1.2. For more details on the crypt_blowfish security changes as implemented in PHP 5.3.7+, see the crypt blowfish page.
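
For sites that ran 5.3.7 in production, the MD5 crypt() bug described above means some stored password values may contain a salt and no digest. The following audit sketch is an added example, not code from the PHP project; the record layout, the function names and the exact salt-only shapes it matches (with or without the trailing `$`) are assumptions, and the sample records are constructed.

```python
import re

# MD5-crypt in modular crypt format: $1$<salt, up to 8 chars>$<22-char digest>
MD5_FULL = re.compile(r"^\$1\$[^$]{1,8}\$[./0-9A-Za-z]{22}$")
# Shape left behind by the bug: prefix and salt, but no digest (assumed shapes).
MD5_SALT_ONLY = re.compile(r"^\$1\$[^$]{1,8}\$?$")


def classify(stored):
    """Classify one stored crypt() value."""
    if not stored.startswith("$1$"):
        return "other-scheme"   # DES, Blowfish, ...: unaffected according to the post
    if MD5_FULL.match(stored):
        return "ok"
    if MD5_SALT_ONLY.match(stored):
        return "salt-only"      # no password-derived digest was stored
    return "malformed"          # MD5 prefix, but neither a full hash nor salt-only


def audit(records):
    """Group user names by classification; records is an iterable of (user, stored)."""
    report = {"ok": [], "salt-only": [], "malformed": [], "other-scheme": []}
    for user, stored in records:
        report[classify(stored)].append(user)
    return report


# Constructed sample rows, standing in for a dump of a users table.
SAMPLE = [
    ("alice", "$1$rasmusle$rISCgZzpwk3UhDidwXvin0"),   # complete MD5-crypt hash
    ("bob", "$1$rasmusle$"),                           # salt only
    ("carol", "$2a$07$usesomesillystringfore2uDLvp1Ii2e./U9C8sBjqp8I90dH6hi"),
    ("dave", "rl.3StKT.4T8M"),                         # traditional DES
    ("erin", "$1$rasmusle$tooshort"),                  # truncated digest
]

if __name__ == "__main__":
    for kind, users in audit(SAMPLE).items():
        print(f"{kind:13s} {users}")
```

Accounts reported as salt-only or malformed hold no usable password hash and need a password reset after the upgrade to 5.3.8.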
