PHP 5.1.6 / 4.4.4 Critical exploits

[pcoeman]

I received this via a maillist. How critical are they and is there a update availble ?

Details: SecurityAlert
Topic : PHP 5.1.6 / 4.4.4 Critical php_admin* bypass by ini_restore()
SecurityAlert Id : 42
SecurityRisk : High

 

[smtalk]

Just take a look at http://www.directadmin.com/forum/showthread.php?s=&threadid=14836

 

[xemaps]

you can disable ini_restore and other commands, see google how to or php.net

don't be afraid with each vulnerabilities : have you hackers heberged on your server ?