PHP update should be avoided
By Deborah Bates
23/08/2011
Users of the PHP language should avoid the latest update, as it contains a "serious bug" which could cause scripts to run incorrectly, The Register confirmed.
Users who download the update could be exposed to bugs in its cryptographic functions and should therefore steer clear.
A spokesperson for the maintainers of PHP confirmed the news on php.net, stating: "Due to unfortunate issues with 5.3.7, users should wait with upgrading until 5.3.8 will be released (expected in a few days)."
The representatives then promptly released the new version the next day.
The latest version should also fix any buffer overflow experienced in the original update, which affected the overlong salt. However, those who have already downloaded the first version should check that their network management system is working properly, in case it has been affected by the bug, before downloading the update.
H-online.com revealed exactly what was wrong with the original update, stating: "In PHP 5.3.7, a security and maintenance update from last week, the crypt function that is used to hash a string - typically a password - fails if an MD5 salt is given as an argument.
"In that case, instead of returning the hashed string, the function merely returns the salt itself."
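
The behaviour H-online describes can be checked on an installed build. The PHP sketch below is an added example, not code from the article or from the PHP project: it tests whether crypt() hands back only the salt for an MD5 salt, and flags stored values that consist of a salt alone. The function names and sample records are constructed, and it assumes the application stored crypt()'s return value unchanged.

```php
<?php
// Added example; function names and sample data are constructed for illustration.
// Written without type hints or short array syntax so it also runs on PHP 5.3.

// True when crypt() does not produce a full MD5-crypt hash for an MD5 salt.
function crypt_md5_is_broken()
{
    $salt = '$1$rasmusle$';                 // constructed MD5-style salt
    $out  = crypt('rasmuslerdorf', $salt);  // constructed test password
    // A working build returns the salt followed by a 22-character digest.
    return $out === $salt || strlen($out) !== strlen($salt) + 22;
}

// True when $stored is an MD5-crypt salt with no digest after it.
function is_salt_only_md5_crypt($stored)
{
    // "$1$", up to 8 salt characters, optional closing "$", then nothing.
    return preg_match('#^\$1\$[^$]{0,8}\$?\z#', $stored) === 1;
}

// Constructed sample records (user => value saved by the application).
$records = array(
    'alice' => '$1$rasmusle$rISCgZzpwk3UhDidwXvin0', // salt plus digest
    'bob'   => '$1$Zx9fQ2pL$',                        // salt only
    'carol' => '$1$Zx9fQ2pL',                         // salt only, no closing "$"
);

if (crypt_md5_is_broken()) {
    echo 'crypt() with an MD5 salt is broken on PHP ', PHP_VERSION, "\n";
} else {
    echo 'crypt() with an MD5 salt works on PHP ', PHP_VERSION, "\n";
}

foreach ($records as $user => $stored) {
    if (is_salt_only_md5_crypt($stored)) {
        // No digest was saved, so the value cannot verify any password.
        echo $user, ": stored value is a bare salt; require a password reset\n";
    }
}
```

On a working build only the two constructed salt-only records are reported, and the first line confirms that crypt() itself behaves correctly.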