=====================================================================
                                   CERT-Renater

                        Note d'Information No. 2011/VULN142
_____________________________________________________________________

DATE                      : 21/02/2011

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running PHP versions prior to 5.3.5.

======================================================================
http://php.net/releases/5_3_5.php
______________________________________________________________________

PHP 5.3.5 Release Announcement

The PHP development team would like to announce the immediate availability
of PHP 5.3.5.

This release resolves a critical issue, reported as PHP bug #53632, where
conversions from string to double might cause the PHP interpreter to hang
on systems using x87 FPU registers.

The problem is known to only affect x86 32-bit PHP processes, regardless
of whether the system hosting PHP is 32-bit or 64-bit. You can test whether
your system is affected by running this script from the command line.

All users of PHP are strongly advised to update to these versions immediately.

Security Enhancements and Fixes in PHP 5.3.5:

    * Fixed bug #53632 (PHP hangs on numeric value 2.2250738585072011e-308).
(CVE-2010-4645)



======================================================================

          =========================================================
          Les serveurs de référence du CERT-Renater
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================