PHP is an HTML-embedded scripting language commonly used with the ApacheHTTP Server.A flaw was found in the way PHP converted certain floating point valuesfrom string representation to a number. If a PHP script evaluated anattacker's input in a numeric context, the PHP interpreter could cause highCPU usage until the script execution time limit is reached. This issue onlyaffected i386 systems. (CVE-2010-4645)A numeric truncation error and an input validation flaw were found in theway the PHP utf8_decode() function decoded partial multi-byte sequencesfor some multi-byte encodings, sending them to output without them beingescaped. An attacker could use these flaws to perform a cross-sitescripting attack. (CVE-2009-5016, CVE-2010-3870)A NULL pointer dereference flaw was found in the PHPZipArchive::getArchiveComment function. If a script used this function toinspect a specially-crafted ZIP archive file, it could cause the PHPinterpreter to crash. (CVE-2010-3709)All php users should upgrade to these updated packages, which containbackported patches to resolve these issues. After installing the updatedpackages, the httpd daemon must be restarted for the update to take effect.