Web Hosting Talk







PHP vulnerabilities announced!


bostongio
12-17-2004, 01:36 PM
From over on Slashdot...

The Hardened-PHP Project has announced several serious and, according to them, easy-to-exploit vulnerabilities within PHP. A flaw within the function unserialize() is rated as very critical for millions of PHP servers, because it is exposed to remote attackers through lots of very popular web applications. The list includes forum software like phpBB2, WBB2, Invision Board and vBulletin. It is time to upgrade now.

Announcement:
http://www.hardened-php.net/advisories/012004.txt

PHP downloads:
http://www.php.net/downloads.php

blockcipher
12-17-2004, 02:09 PM
Thanks for the heads up.

bitserve
12-17-2004, 02:43 PM
damn.

(The text that you have entered is too short. Your post must be at least 10 characters long.)

Sheps
12-17-2004, 02:59 PM
You know, this could potentially only affect the "harden php" project and not regular PHP builds.

I see no proof that these exploits affect the regular PHP versions, and I did check the it appears they rewrote the memory manager for PHP, and that is what would generate these kinds of exploits.

bostongio
12-17-2004, 03:03 PM
No, it's definitely the regular build of PHP, see the release announcement for it:

http://www.php.net/release_4_3_10.php

Sheps
12-17-2004, 03:05 PM
Oh yeah, I just checked the changelog, and only the unserialize stuff was in there, not the pack and safe mode stuff.