A critical security vulnerability has been discovered in PHP 5.3.9 (CVE-2012-0830), which was ironically introduced by the fix for a previous security vulnerability.
The Problem
PHP 5.3.9 had received a fix for hash collision denial-of-service attacks (CVE-2011-4885), which introduced the max_input_vars directive to cap the number of request variables PHP will register. The new code in php_register_variable_ex() (php_variables.c) mishandled requests that exceed this limit when array variables are involved, opening a new, far more severe hole: a request carrying a large number of variables can lead to remote code execution.
Affected Versions
Only PHP 5.3.9 is affected. Older versions (5.3.8 and earlier) do not contain the CVE-2011-4885 fix and therefore do not contain this bug; newer versions (5.3.10 and higher) carry the corrected fix. Two caveats when checking: the CLI binary and the web server's PHP (mod_php, PHP-FPM) can be different builds, so verify the version of the PHP that actually serves requests; and distribution packages sometimes backport security fixes without changing the reported version, so consult your distribution's advisory where applicable.
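A version check that an administrator could run across hosts, as an added example for this advisory (not part of the original text and not code from the PHP project). It assumes the `php -v` banner begins with "PHP x.y.z" and that the affected release is exactly 5.3.9, as stated above; the banner strings in the comments are constructed samples.

```sh
#!/bin/sh
# Added example (not from the advisory or from PHP): classify a PHP build by
# the version in its `php -v` banner. CVE-2012-0830 affects exactly 5.3.9;
# earlier releases lack the CVE-2011-4885 fix that introduced the bug, and
# 5.3.10 or later carry the corrected fix.

# Pull "major.minor.patch" out of a `php -v` banner, e.g. the constructed
# "PHP 5.3.9 (cli) (built: Jan 10 2012 13:00:00)" -> "5.3.9".
# Vendor suffixes such as "5.3.10-1ubuntu3" are dropped after the patch number.
php_version_from_banner() {
    printf '%s\n' "$1" \
        | sed -n 's/^PHP \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' \
        | head -n 1
}

# Map a bare version string to a status word. Always exits 0 so callers read
# the printed word rather than the exit status.
php_cve_2012_0830_status() {
    case "$1" in
        '')     echo unknown ;;            # no recognisable banner (php missing?)
        5.3.9)  echo vulnerable ;;
        *)      echo 'not vulnerable' ;;
    esac
}

# Convenience wrapper: full banner text in, status word out.
check_php_banner() {
    php_cve_2012_0830_status "$(php_version_from_banner "$1")"
}

# Usage on a live host:  sh check_php.sh --check-local
# This inspects only the CLI binary; mod_php or PHP-FPM may be a different
# build, so also confirm PHP_VERSION through the SAPI that serves requests.
if [ "${1-}" = "--check-local" ]; then
    check_php_banner "$(php -v 2>/dev/null)"
fi
```

The check is a plain version match, nothing more: a vendor build that backported the 5.3.10 fix while keeping a 5.3.9 banner would still be reported as vulnerable, so treat the result as a prompt to look at the package changelog, not as a final verdict.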
Solution
Update immediately to PHP 5.3.10 or higher. 5.3.10 corrects the faulty variable-registration code while keeping the max_input_vars protection against hash collision attacks, so the fix for CVE-2011-4885 remains in place.
Managed Server Customers
All Managed Servers running PHP 5.3.9 have already been updated to the patched version. Customers who were still on PHP 5.3.8 or older are not affected by this specific vulnerability.
For questions, contact us at info@ingate.de.