CVE 2011-2483
crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.
Related bugs and status
CVE-2011-2483 (Candidate) is related to these bugs:
Bug #805258: JtR has been updated to 1.7.8 to fix an irregualrity
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
805258 | JtR has been updated to 1.7.8 to fix an irregualrity | john (Ubuntu) | Undecided | Fix Released |
Bug #813110: CVE-2011-1938
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
813110 | CVE-2011-1938 | php5 (Ubuntu) | Low | Fix Released | ||
813110 | CVE-2011-1938 | php5 (Ubuntu Lucid) | Low | Fix Released | ||
813110 | CVE-2011-1938 | php5 (Ubuntu Maverick) | Low | Fix Released | ||
813110 | CVE-2011-1938 | php5 (Ubuntu Oneiric) | Low | Fix Released | ||
813110 | CVE-2011-1938 | php5 (Ubuntu Natty) | Low | Fix Released |
Bug #813115: CVE-2011-2202
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
813115 | CVE-2011-2202 | php5 (Ubuntu) | Medium | Fix Released | ||
813115 | CVE-2011-2202 | php5 (Ubuntu Hardy) | Medium | Fix Released | ||
813115 | CVE-2011-2202 | php5 (Ubuntu Lucid) | Medium | Fix Released | ||
813115 | CVE-2011-2202 | php5 (Ubuntu Natty) | Medium | Fix Released | ||
813115 | CVE-2011-2202 | php5 (Ubuntu Maverick) | Medium | Fix Released | ||
813115 | CVE-2011-2202 | php5 (Ubuntu Oneiric) | Medium | Fix Released |
Bug #852871: PHP ZEND_SL Opcode Interruption Address Information Leak Vulnerability
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
852871 | PHP ZEND_SL Opcode Interruption Address Information Leak Vulnerability | php5 (Ubuntu) | Undecided | Fix Released | ||
852871 | PHP ZEND_SL Opcode Interruption Address Information Leak Vulnerability | php5 (Ubuntu Hardy) | Low | Won't Fix | ||
852871 | PHP ZEND_SL Opcode Interruption Address Information Leak Vulnerability | php5 (Ubuntu Lucid) | Low | Fix Released |
Bug #866049: New bug fix releases: 8.4.9, 8.3.16
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
866049 | New bug fix releases: 8.4.9, 8.3.16 | postgresql-8.4 (Ubuntu) | Undecided | Invalid | ||
866049 | New bug fix releases: 8.4.9, 8.3.16 | postgresql-8.4 (Ubuntu Hardy) | Undecided | Invalid | ||
866049 | New bug fix releases: 8.4.9, 8.3.16 | postgresql-8.4 (Ubuntu Lucid) | Undecided | Fix Released | ||
866049 | New bug fix releases: 8.4.9, 8.3.16 | postgresql-8.4 (Ubuntu Maverick) | Undecided | Fix Released | ||
866049 | New bug fix releases: 8.4.9, 8.3.16 | postgresql-8.4 (Ubuntu Natty) | Medium | Fix Released | ||
866049 | New bug fix releases: 8.4.9, 8.3.16 | postgresql-8.3 (Ubuntu) | Undecided | Invalid | ||
866049 | New bug fix releases: 8.4.9, 8.3.16 | postgresql-8.3 (Ubuntu Hardy) | High | Fix Released | ||
866049 | New bug fix releases: 8.4.9, 8.3.16 | postgresql-8.3 (Ubuntu Lucid) | Undecided | Invalid | ||
866049 | New bug fix releases: 8.4.9, 8.3.16 | postgresql-8.3 (Ubuntu Maverick) | Undecided | Invalid | ||
866049 | New bug fix releases: 8.4.9, 8.3.16 | postgresql-8.3 (Ubuntu Natty) | Undecided | Invalid | ||
866049 | New bug fix releases: 8.4.9, 8.3.16 | postgresql-8.4 (Debian) | Unknown | Fix Released |
See the
CVE page on Mitre.org
for more details.