PHP developer the PHP Group has released an updated version of the near-ubiquitous web scripting language designed to fix security flaws and offer other server and application-based security enhancements.
Sophos Canada senior security advisor Chester Wisniewski explained in a blog post that at least two of the five flaws addressed in PHP version 5.3.6 have been rated high severity by the US National Vulnerability Database, while the others remain as yet unclassified.
The first is a format string flaw in the phar extension which could allow remote code execution or a denial of service condition, he said.
"Another vulnerability that was fixed is in the shared memory read functionality," he added. "If exploited it could also cause a denial of service condition and possibly allow the reading of sensitive areas of system memory."
Other fixes addressed issues with with the reading of EXIF data, ZIP archive handling and high values for precision INI settings, he said.
"If you use PHP to drive your web site, update your PHP at your earliest convenience," Wisniewski continued.
"For Linux administrators this package should be available RSN (Real Soon Now) from your distributions' update repositories. Administrators of Windows systems and other platforms should download the latest version from http://www.php.net."
And, yep, it'll run Android rather than RiscOS
US engineering giant's cost-cutting outsourcing plan is on the rocks, according to insiders
HP Envy X2 laptop only affordable if you've got loadsamoney
Counterfeit code-signing certificates enabling hackers to hide malware being sold by cyber criminals
Certificates can be used as part of layered obfuscation to evade detection by anti-virus software