Newly found Vulnerabilities 05/06/08:
PHP 5.2.6 Released
PHP has released version 5.2.6 to address multiple vulnerabilities. These vulnerabilities include:
- an error in the FastCGI SAPI, which may result in a stack-based buffer overflow
- an integer overflow in printf()
- an error in init_request_info(), which may result in a buffer overflow
- an error in cURL, which may result in safe_mode bypass
- improper handling of input passed to escapeshellcmd()
- a boundary error in the bundled version of the PCRE library
These vulnerabilities may allow an attacker to execute
arbitrary code, bypass security restrictions, or cause a denial-of-service
condition.
We encourage users to review the PHP 5.2.6 Release
Announcement and update to version 5.2.6.