As expected, the PHP developers have issued version 5.3.8 of the PHP scripting language to address a serious bug found in the previous release. PHP 5.3.8 fixes a bug introduced by the 5.3.7 security update that caused the crypt() function to fail if an MD5 salt was given as an argument. The function is used to hash a string, typically a password, but instead of returning the hashed string, the function merely returned the salt itself.
The update also corrects a bug that caused mysqlnd SSL connections to hang. The developers note that the PHP 5.2.x series is no longer supported, adding that all users are strongly encouraged to upgrade to this latest stable release.
The link for this article located at H Security is no longer available.
