PHP.net released their version 5.2.1 which contains a number of security fixes.
"The majority of the security vulnerabilities discovered and resolved can in most cases be only abused by local users and cannot be triggered remotely. However, some of the above issues can be triggered remotely in certain situations, or exploited by malicious local users on shared hosting setups utilizing PHP as an Apache module. Therefore, we strongly advise all users of PHP, regardless of the version to upgrade to 5.2.1 release as soon as possible. PHP 4.4.5 with equivalent security corrections will be available shortly."(BTW: Since you will have to recompile/test PHP anyway, take a look at security extensions from the hardened php project at www.hardened-php.net/ (in particular 'Suhosin' is nice and not too hard to install and configure)
Swa Frantzen -- net2s.com
Feb 9th 2007
1 decade ago