From the ‘Hope You’re Not on PHP 4.x‘ files:
If you’re running PHP on your webserver — and you probably are – you really need to update, NOW.
A critical DoS flaw in PHP that was first reported on December 30, 2010 has now been publicly fixed for all PHP users in the open source PHP 5.3.5 and 5.2.17 releases.
According to commercial PHP vendor Zend, the flaw is related to how PHP handleS an internal
conversion of floating
point numbers. An attacker could potential insert a malicious string into a web browser query string, which could then take down a web server.
Though the flaw has been fixed in the 5.3.x and 5.2.x PHP branches, according to Zend, this vulnerability is present on all versions of PHP including PHP 4.x and 5.x, on all Intel-based 32-bit PHP builds.
WOW.
