Critical bug found in latest PHP release, users advised against updating

PHP users are advised against upgrading to the latest (5.3.7) release of the scripting language because a critical flaw has been spotted only a day before its release.

The bug in question affects the input handling of the crypt() function. “If crypt() is executed with MD5 salts, the return value consists of the salt only,” the person who found the bug explained briefly. “DES and BLOWFISH salts work as expected.”

The 5.3.7 release has fixed a number of preexisting bugs, including a flaw with the crypt() function that was unconnected to this new one.

According to one of the PHP developers, the bug has been fixed in an intermediate version and a new stable PHP version will be released very soon.
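A deployment check for the salt-only behaviour quoted above, as an added example that is not from the article or the PHP project. It tests crypt() on the running interpreter and flags stored values that contain a salt but no digest. The function names, salt, password and sample rows are constructed for illustration.

```php
<?php
// Added example: detects the salt-only crypt() result described in the article.
// Function names, salt, password and stored rows are constructed, not from PHP itself.

/** True if $hash is a complete MD5-crypt string: $1$ + salt (0-8 chars) + $ + 22-char digest. */
function is_full_md5_crypt($hash)
{
    return is_string($hash)
        && preg_match('#^\$1\$[./0-9A-Za-z]{0,8}\$[./0-9A-Za-z]{22}$#', $hash) === 1;
}

/** True if $hash is only an MD5 salt prefix with no digest after it. */
function is_salt_only_md5_crypt($hash)
{
    return is_string($hash)
        && preg_match('#^\$1\$[./0-9A-Za-z]{0,8}\$?$#', $hash) === 1;
}

/** Runtime self-test: does crypt() on this interpreter return a full MD5-crypt hash? */
function crypt_md5_works()
{
    $salt = '$1$abcdefgh$';                      // constructed salt
    $out  = crypt('self-test-password', $salt);  // constructed password
    return is_full_md5_crypt($out) && strncmp($out, $salt, strlen($salt)) === 0;
}

// 1. Refuse to run password code on an interpreter that fails the self-test.
if (!crypt_md5_works()) {
    error_log('crypt() MD5 self-test failed on PHP ' . PHP_VERSION);
    exit(1);
}

// 2. Audit stored values (constructed rows) for entries that hold a salt but no digest.
$rows = array(
    'alice' => '$1$abcdefgh$' . str_repeat('A', 22), // well-formed value
    'bob'   => '$1$abcdefgh$',                        // salt only
);
foreach ($rows as $user => $stored) {
    if (is_salt_only_md5_crypt($stored)) {
        echo "$user: salt-only value, force a password reset\n";
    }
}
```

A stored value that is only a salt contains no digest of the password, so it cannot be used to verify one and the account needs a reset.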



