Web site operators who use server-side scripting software known as PHP are being urged today to upgrade to a new release that does not contain recently discovered - and apparently serious - security holes. Stefan Esser of Germany-based E-matters, a Web development company, reported that a number of memory-allocation bugs were found in PHP code that handles file uploads, also known as multipart/form-data Post requests.. . .
Web site operators who use server-side scripting software known as PHP are being urged today to upgrade to a new release that does not contain recently discovered - and apparently serious - security holes. Stefan Esser of Germany-based E-matters, a Web development company, reported that a number of memory-allocation bugs were found in PHP code that handles file uploads, also known as multipart/form-data Post requests.

Esser, who is also part of the open-source PHP development team, said versions of PHP 4 for Linux and Solaris prior to a new bug-fix 4.1.2 release contain related vulnerabilities that could allow a hacker to gain control of servers running the software. Some releases of PHP 3 exhibit similar security problems, including an incarnation of one bug that extends beyond Linux and Solaris to most platforms on which PHP is run, Esser said.

The link for this article located at Newsbytes is no longer available.