A critical vulnerability in the most recent release of PHP has just been found (CVE-2012-0830). This exploit could allow arbitrary code to be remotely executed on a PHP system. This vulnerability is present both on PHP 5.3.9, and on PHP 5.2.17 that contains a backported fix for CVE-2011-4885.
Zend Server and Zend Server CE 5.6.0 users for Windows or Linux should apply the hotfix immediately:
Linux: run your package manager's update command (see the Zend Server Installation Guide for more details)
Windows: download Hotfix 2
Mac OS: Hotfix 2 is being finalized and will be available next week
(Note – Zend Server is not supported for production use on Mac OS)
IBM i systems running Zend Server 5.6.0 are not vulnerable to this exploit
This mailing list archive is Copyright 1997-2020 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact