PHP 5.4.3 and PHP 5.3.13 have been released by the PHP development team to fix some critical security issues:
- Source code disclosure with a trivial request (CVE-2012-1823 and CVE-2012-2311) – PHP 5.4 and 5.3 are vulnerable
- Buffer overflow in apache_request_headers() (CVE-2012-2329) – only PHP 5.4 is vulnerable.
If you’re using the CGI flavor of PHP, upgrading is highly recommended. You can see more info on PHP’s website and on this useful blog post.
Packages of PHP 5.4.3 and PHP 5.3.13 are available for Debian 6.0 “Squeeze” on both amd64 and i386 architectures. Please also note that they fix the error logging features of PHP-FPM.
As usual, please read the ChangeLog before upgrading and be sure to use the latest packages before reporting any issue.