Critical: php security update

BruceLee · **Posted:** Mon Feb 06, 2012 4:12 pm

The PHP development team would like to announce the immediate availability of PHP 5.3.10. This release delivers a critical security fix.
Security Fixes in PHP 5.3.10:
* Fixed arbitrary remote code execution vulnerability reported by Stefan Esser, CVE-2012-0830.
All users are strongly encouraged to upgrade to PHP 5.3.10.

SOURCES:
https://rhn.redhat.com/errata/RHSA-2012-0093.html
http://www.php.net/archive/2012.php#id2012-02-02-1

mikeshinn · **Posted:** Mon Feb 06, 2012 4:40 pm

Thank you for the post.

PHP 5.3.10 was released in the atomic channel last week.

With that said, ASL already protects against this vulnerability, as do the Real Time rules, so if you are running ASL or the real time rules you may not need to upgrade. We believe in defense in depth here at Atomicorp, so upgrading is recommended, but not required.

BruceLee · **Posted:** Mon Feb 06, 2012 5:49 pm

Fantastic like always.
Sorry for posting even though you already released 5.3.10.
Better one time to much than the other way around

mikeshinn · **Posted:** Tue Feb 07, 2012 10:20 am

No need to apologize, please feel free to post any security advisory that you think is relevant. We, and I'm sure others, definitely appreciate it. I think its always better to be safe that sorry.

Critical: php security update

Who is online