PHP 5.4.3 and 5.3.13 fix several security issues
Note: This article was originally published at Planet PHP on 9 March 5760.
The PHP team has announced PHP 5.4.3 and 5.3.13, fixing two separate security issues.
- CVE-2012-2311 and CVE-2012-1823 are both fixed now. These are the CVE numbers for the PHP-CGI bug that has been announced by Eindbazen last week, and extensively covered by myself in various posts.
- In addition, CVE-2012-2329 has been fixed, another issue in PHP-CGI. This was a heap overflow triggered by specially crafted HTTP headers and a script executing apache_request_headers().
Read the announcement here: PHP 5.4.3/5.3.13 release announcement