A vulnerability was discovered and fixed in php-suhosin:

crypt_blowfish before 1.1, as used in suhosin does not properly
handle 8-bit characters, which makes it easier for context-dependent
attackers to determine a cleartext password by leveraging knowledge
of a password hash (CVE-2011-2483).

The updated packages have been patched to correct this issue.