Updated PHP packages that fix a security issue are now available for the
Red Hat Application Stack.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.
The Hardened-PHP Project discovered an overflow in the PHP htmlentities()
and htmlspecialchars() routines. If a PHP script used the vulnerable
functions to parse UTF-8 data, a remote attacker sending a carefully
crafted request could trigger the overflow and potentially execute
arbitrary code as the 'apache' user. (CVE-2006-5465)
Users of PHP should upgrade to these updated packages which contain a
backported patch to correct this issue.