The update fixes an arbitrary remote code execution vulnerability

Feb 3, 2012 15:57 GMT

Stefan Esser, security researcher and developer of the Suhosin PHP extension, found a serious arbitrary remote code execution vulnerability and reported it to the PHP Group. As a result, PHP 5.3.10 was released to address the issue.

The update fixes an arbitrary remote code execution vulnerability, CVE-2012-0830. The flaw is in the way the max_input_vars directive was implemented in PHP as a fix for CVE-2011-4885 (php: hash table collisions CPU usage DoS issue).

A remote attacker could send a large number of crafted POST requests, which could crash PHP or execute arbitrary code with the permissions of the user running PHP.

Users are asked to quickly upgrade to PHP 5.3.10.

Download PHP 5.3.10 right now from Softpedia. If you feel adventurous, you can check out the development version and download PHP 5.4.0 RC6, also from Softpedia.