Mandriva Linux Security Advisory : php-suhosin (MDVSA-2011:180)
Medium Nessus Plugin ID 56968
SynopsisThe remote Mandriva Linux host is missing a security update.
DescriptionA vulnerability was discovered and fixed in php-suhosin :
crypt_blowfish before 1.1, as used in suhosin does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash (CVE-2011-2483).
The updated packages have been patched to correct this issue.
SolutionUpdate the affected php-suhosin package.