PHP 5.2.6 Updates for Security
Ilia Alshanetsky PHP 5.2 Release Master has officially announced the availability of PHP 5.2.6. In his release announcement Alshanetsky noted:
This release focuses on improving the stability of the PHP 5.2.x branch with over 120 bug fixes, several of which are security related. All users of PHP are encouraged to upgrade to this release.
On the security side there are at least five issues that are addressed in the 5.2.6 update which security vendor Secunia has rated as being 'moderately critical'. The issues if left unpatched could potentially lead to a denial of service (DoS) or unauthorized system access.
One of the flaws was credited to security researcher Stefan Esser, who has been an outspoken critic of PHP security for years and was responsible for the month of PHP bugs effort in 2007.