[22-Jul-2002] The PHP Group today announced the details of a serious vulnerability in PHP versions 4.2.0 and 4.2.1. A security update, PHP 4.2.2, fixes the issue. Everyone running affected versions of PHP is encouraged to upgrade immediately. The new 4.2.2 release doesn't include other changes, so upgrading from 4.2.1 is safe and painless.

www.php.net

FYI - all versions prior to 4.2.0 do not have this bug. If you're between 4.0.6 and 4.2.0, you're safe. Though upgrading won't hurt.

And 4.3.0 alpha?

</font><blockquote><font size="1" face="Verdana, Helvetica, sans-serif">quote:</font><hr /><font size="2" face="Verdana, Helvetica, sans-serif">Originally posted by Charles Capps:
FYI - all versions prior to 4.2.0 do not have this bug. If you're between 4.0.6 and 4.2.0, you're safe. Though upgrading won't hurt. </font><hr /></blockquote><font size="2" face="Verdana, Helvetica, sans-serif">4.0.6 and 4.0.7 have a different bug, just as exploitable

</font><blockquote><font size="1" face="Verdana, Helvetica, sans-serif">quote:</font><hr /><font size="2" face="Verdana, Helvetica, sans-serif">Although this vulnerability only affects PHP 4.2.0 and 4.2.1, e-matters GmbH has previously identified vulnerabilities in older versions of PHP. If you are running older versions of PHP, we encourage you to review http://security.e-matters.de/advisories/012002.html </font><hr /></blockquote><font size="2" face="Verdana, Helvetica, sans-serif">