前段时间更新的php 5.3.4和5.2.16有一个比较严重的BUG,请大家及时更新至新版PHP.如果你使用了DotDeb的源,可以直接更新。
下面引用DotDeb官方公告: http://www.dotdeb.org/2011/01/07/you-really-should-upgrade-to-php-5-3-5-or-5-2-17/ A few days after releasing PHP 5.3.4 and PHP 5.2.16, the PHP group announced an important security update with PHP 5.3.5 and PHP 5.2.17 :
This release resolves a critical issue, reported as PHP bug #53632 and CVE-2010-4645, where conversions from string to double might cause the PHP interpreter to hang on systems using x87 FPU registers.
The problem is known to only affect x86 32-bit PHP processes, regardless of whether the system hosting PHP is 32-bit or 64-bit. You can test whether your system is affected by running this script from the command line.
All users of PHP are strongly advised to update to these versions immediately.
The Dotdeb packages for Debian “Lenny” 5.0 are now available. You really should upgrade.
发表于 2011-1-7 19:06:53
