SUSE has announced fixes for the multiple PHP4/5 security problems in several versions of its Linux distribution. . The flaw involved remote code execution. The latest update fixes the following security issues in the PHP scripting language, both version 4 and 5:

• Invalid characters in session names were not blocked.
• CVE-2006-2657: A bug in zend_hash_del() allowed attackers to prevent unsetting of some variables
• CVE-2006-1991, CVE-2006-1990: Bugs in the substr_compare() and wordwrap function could crash the PHP interpreter.
• CVE-2006-2906: A CPU consumption denial of service attack in php-gd was fixed.

There is no known workaround. The necessary precaution to take would be to install the update packages. It is recommended to close and restart all running instances of Apache/Apache2 after the update. The preferred method for installing security updates is to use the 'YaST Online Update (YOU)' tool. ‘YOU’ detects which updates are required and automatically performs the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity.

More Info