Version 5.3.9 of PHP has been released to patch a recently disclosed denial of service vulnerability.
"Identified as CVE-2011-4885, the vulnerability allows an attacker to perform what is known as a hash collision attack by forcing the server to process a specially crafted form that contains thousands of values," writes PCWorld's Lucian Constantin.
"A separate DoS vulnerability that can be exploited to read arbitrary memory locations was also addressed in this release," Constantin writes. "Identified as CVE-2011-4566, the flaw stems from a bug in the PHP function that parses exif headers. Attackers can exploit the vulnerability by tricking the server into processing JPEG files with specially crafted offset_val values in their Exif headers."
Go to "Hash Collision DoS Vulnerability Fixed in PHP 5.3.9" to read the details.
For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.