it.ucsf.edu

Security Update:Critical Vulnerability in PHP Could Lead to Data Exposure

Status Type

Security Update

Date and Time

Monday, October 20, 2014 - 16:24

Reason

Security Update

Impact

Website Developers and Programmers Using PHP

WHAT HAPPENED?

The PHP Group announced the release of PHP 5.4.34 to address 4 vulnerabilities and various ‘bugs’. One of the vulnerabilities is classified as critical and could expose servers to data theft or worst.

Advanced Users: For a complete description of the vulnerabilities, affected software and updates refer to PHP 5 ChangeLog at http://php.net/ChangeLog-5.php.


AFFECTED SYSTEMS:

  • PHP 5.4.33 and below

 

WHAT'S THE PROBLEM?

PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used open scripting language designed for web development but also used as a general-purpose programming language.


HOW DO I PROTECT MY COMPUTER?

  1. If you do not run a website, no action on your part is required.
  2. If you manage your own website and/or use PHP, refer to PHP 5 ChangeLog at http://php.net/ChangeLog-5.php for updates.



RELATED LINKS