Two updates in one blogpost. Just to save me some time I’m mentioning these together.

The PHP update is a security update and a bug fix release. The security issues in question are: CVE-2013-1643 and CVE-2013-1635. Read the ChangeLog for all the information.

Apache is updated due to a security issue and I’m advising you to upgrade. I’ve tried it on my test servers without any problem. The security issues in question were:

  • SECURITY: CVE-2012-3499 Various XSS flaws due to unescaped hostnames and URIs HTML output in mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp.
  • SECURITY: CVE-2012-4558 XSS in mod_proxy_balancer manager interface.

For instructions on how to upgrade PHP and Apache please read: Upgrading PHP or Upgrading Apache .