Users Warned Off PHP 5.3.7 After Bug Discovery


Users have been warned to avoid downloading the latest update for the PHP web scripting language following the discovery of faulty components which could pose a security risk.

An advisory posted Monday by the PHP Group warned users against installing the 5.3.7 update. The site instead recommends that users wait for PHP 5.3.8, due for release later this week. Security firm SANS is also advising users to hold off on updating PHP.

PHP is a scripting language used for web development, most often running on web servers.

According to the PHP Group, the 5.3.7 update contains a faulty encryption component that is unable to properly encrypt data. The flaw prevents the full encryption and proper handling of MD5-encoded data. The group considers the issue serious enough to warrant skipping the 5.3.7 release completely.

Researchers noted that the vulnerability did not appear to impair the performance of the PHP or Blowfish encryption components.

The PHP 5.3.7 build was officially released on 18 August. The update was said to contain some 90 bug fixes and performance enhancements as well as at least six security updates. The update was the largest for PHP since the March 2011 release of the PHP 5.3.6 platform.
