If you’re running PHP on your webserver — and you probably are – you really need to update, NOW.
According to commercial PHP vendor Zend, the flaw is related to how PHP handleS an internal
conversion of floating
point numbers. An attacker could potential insert a malicious string into a web browser query string, which could then take down a web server.
Though the flaw has been fixed in the 5.3.x and 5.2.x PHP branches, according to Zend, this vulnerability is present on all versions of PHP including PHP 4.x and 5.x, on all Intel-based 32-bit PHP builds.