Sept 10 2014: PHP vulnerability notification


It was discovered that PHP did not properly handle certificates with NULLcharacters in the Subject Alternative Name field. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.


We recommedn our affiliates connecting to us by PHP invoking HTTPS (SSL)  POST requests that they patch their systems accordingly.

For more information about which versions of linux bundles are affected please go to: