The PHP Group released PHP 5.4.3 and PHP 5.3.13 on Tuesday to address two remote code execution vulnerabilities, one of which is being actively exploited by hackers.
"The releases complete a fix for a vulnerability in CGI-based setups (CVE-2012-2311)," the PHP developers said in the release notes. Additionally, PHP 5.4.3 fixes a buffer overflow vulnerability, identified as CVE-2012-2329, in the apache_request_headers() function.

The link for this article located at InfoWorld is no longer available.