The PHP Group has recently released an updated version of the web scripting language primarily to fix security issues as well as to provide application-based and server enhancements to its users. At least two of the five vulnerabilities considered to be critical by the US National Vulnerability Database have been fixed in the PHP version 5.3.6 while the others remain unclassified until now.
The first of which is a format string flaw in the phar extension which could allow a denial of service condition or a remote code execution while the second flaw, the shared memory read functionality which if exploited could also lead to a denial of service condition while also giving access to sensitive areas of system memory as well.
The other fixes included high values for precision INI settings, ZIP archive handling and the reading of EXIF data, and which were all discussed by senior security advisor from Sophos Canada, Chester Wisniewski in a blog post.
The importance of updating your PHP at the earliest, if you do use PHP code for you website, was also considered to be an important task for users that would contain these fixes, and thus alleviate any security issues that might arise in the future.
While Windows users could download these updated from www.php.net, LINUX users would soon gain access to these updates from RSN (Real Soon Now) from your distributions’ update repositories.