December 28, 2004
Update Your PHP!
I meant to write about this one several days ago, but it completely slipped my mind what with the holidays and all.
There has been a serious PHP vulnerability reported earlier this month. This is a bad one in that it is serious enough that it would allow people to basically take over your web site and/or server. There are also many builds of PHP that are effected.
My understanding is that they vulnerability is there in both the Windows and *nix versions of PHP, however the can only be fully exploited on a Windows hosting environment. Play it safe though! Apply the patch that is available at PHP.net if the PHP on your server is one of those affected. Or get on your hosting company to tell them to install the patch right away. The script kiddies are already out there looking for vulnerable servers.
According to the reports, the affected versions of PHP include:
4.3.6
4.3.7
4.3.8
4.3.9
5.0 Candidate 1
5.0 Candidate 2
5.0 Candidate 3
5.0.0
5.0.1
5.0.2
5.0.3
More info on the vulnerability can be found at SecurityFocus.com.
We now return to your normal scheduled programming. ;-)