CentOS Errata and Security Advisory CESA-2006:0708-01
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.
An integer overflow was discovered in the PHP memory handling routines. If a script can cause memory allocation based on untrusted user data, a remote attacker sending a carefully crafted request could execute arbitrary code as the 'apache' user. (CVE-2006-4812)
This issue did not affect the PHP packages distributed with Red Hat Enterprise Linux 3 or 4.
Users of PHP should upgrade to these updated packages, which contain a backported patch that corrects this issue.
Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2006-October/013314.html
Affected packages: php, php-devel, php-imap, php-ldap, php-manual, php-mysql, php-odbc, php-pgsql
Upstream details at: https://rhn.redhat.com/errata/rh21as-errata.html