This isn't good....
"remote code execution vulnerability. Thats right: An attacker could craft a request, that will execute code on a web server running PHP 5.3.9."
http://isc.sans.org/diary/Critical+PHP+bug+patched/12520
Further confirmed on PHP.net
http://www.php.net/archive/2012.php#id2012-02-02-1
[02-Feb-2012]
The PHP development team would like to announce the immediate availability of PHP 5.3.10. This release delivers a critical security fix.
Security Fixes in PHP 5.3.10:
Fixed arbitrary remote code execution vulnerability reported by Stefan Esser, CVE-2012-0830.
All users are strongly encouraged to upgrade to PHP 5.3.10.
Source: WHT
"remote code execution vulnerability. Thats right: An attacker could craft a request, that will execute code on a web server running PHP 5.3.9."
http://isc.sans.org/diary/Critical+PHP+bug+patched/12520
Further confirmed on PHP.net
http://www.php.net/archive/2012.php#id2012-02-02-1
[02-Feb-2012]
The PHP development team would like to announce the immediate availability of PHP 5.3.10. This release delivers a critical security fix.
Security Fixes in PHP 5.3.10:
Fixed arbitrary remote code execution vulnerability reported by Stefan Esser, CVE-2012-0830.
All users are strongly encouraged to upgrade to PHP 5.3.10.
Source: WHT
