The PHP development team first released 5.4.2, which had a security fix for CGI string parameters, and shortly thereafter they released 5.4.3, which solved some other security problems with buffer overflows. I urge you to update if you are using older versions on a production platform. I’ve successfully tested it on my servers without a noticeable problem.

  • Fixed bug #61807 Buffer Overflow in apache_request_headers, CVE-2012-2329.
  • Fixed bug #61910 Improve fix for PHP-CGI query string parameter vulnerability, CVE-2012-2311.
  • Fixed bug #61910 Fix PHP-CGI query string parameter vulnerability, CVE-2012-1823.

For the complete list of bugs fixed in this release, see the ChangeLog.

For instructions on how to upgrade PHP please read: Upgrading PHP.