Well, the month of PHP bugs is fast approaching. If you haven’t been following Stefan Esser’s blog and you run PHP, read this now. Over a 31-day period, starting next Thursday (March 1st), Stefan plans to release one or more vulnerabilities each day in PHP (not in particular applications but in the underlying language itself). He didn’t comment on whether he would give demonstration code or exploit particular applications directly. That’s the bad news.
The good news is that apparently PHP 5.2.1 fixes some of the issues that Stefan will be disclosing. Further, Stefan is the same guy who wrote Suhosin, which is a patch for PHP to secure it. My gut tells me Stefan will keep Suhosin up to date, but I have no proof of this. My gut tells me that if you run PHP, haven’t updated PHP lately and don’t run Suhosin, you are in for a rough month. Time to patch up!