Buffer overflow in the crypt function in PHP before 5.3.7 allows
context-dependent attackers to have an unspecified impact via a long
salt argument, a different vulnerability than CVE-2011-2483.
Patch for php-5.3 and php-5.4:
This vuln. will arise only either or both of the patches below have been applied:
Here strcat is replaced by strncat
Here strncat is replaced by strlcat
And finally the patch to correct this issue reverts strlcat to strcat.
Not vulnerable. This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 4, 5, or 6. This issue did not affect the version of php53 as shipped with Red Hat Enterprise Linux 5.
This issue has been addressed in Fedora in the following updates: