PHP developer the PHP Group has released an updated version of the near-ubiquitous web scripting language designed to fix security flaws and offer other server and application-based security enhancements.
Sophos Canada senior security advisor Chester Wisniewski explained in a blog post that at least two of the five flaws addressed in PHP version 5.3.6 have been rated high severity by the US National Vulnerability Database, while the others remain as yet unclassified.
The first is a format string flaw in the phar extension which could allow remote code execution or a denial of service condition, he said.
"Another vulnerability that was fixed is in the shared memory read functionality," he added. "If exploited it could also cause a denial of service condition and possibly allow the reading of sensitive areas of system memory."
Other fixes addressed issues with with the reading of EXIF data, ZIP archive handling and high values for precision INI settings, he said.
"If you use PHP to drive your web site, update your PHP at your earliest convenience," Wisniewski continued.
"For Linux administrators this package should be available RSN (Real Soon Now) from your distributions' update repositories. Administrators of Windows systems and other platforms should download the latest version from http://www.php.net."
Latest Tesla news: Tesla stock price tanks amid reports of 'widening probe' by SEC and claims the base Model 3 loses money
SEC 'probe' takes its toll on Tesla as new research suggests that Tesla loses $6,000 on every $35,000 Model 3
10nm Cannon Lake Core i3-8121U CPUs make a rare outing with Intel's NUC mini PC
'Notorious' Australian child hacker thought he had executed 'flawless' hack
The former employee says that Tesla fired him for bringing the accusations to management internally