PHP Magazine has a new post today with some information on an issue that's been brought up with PHP and shtool - a utility that combines several shell scripts into a small, portable tool.
Users should watch their distribution vendors for updated packages and should consider disabling any versions of shtool that are not known to have been updated.
Some distributions are reported to ship a vulnerable version of shtool with their PHP development packages. The vulnerability in shtool is caused by a symbolic-link race condition that may be exploitable by a local attacker to view the contents of temporary files, or to overwrite arbitrary files with the permissions of the victim using shtool.
I'm not completely sure, but I think it's related to this error as posted on SecuriTeam.com... looks like shtool versions 2.0.1 and prior are the ones affected.
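To make the two consequences named above concrete (temporary files readable by others, and writes redirected through a symlink), here is an added shell example of the general temp-file pattern and its safer forms. It is not shtool's code and not from PHP Magazine; every function name, file name and the sandbox layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration of the temp-file symlink problem class; this is not
# shtool's code, and every name below is hypothetical.

# Unsafe: fixed name in a shared directory. A plain redirect follows any
# symlink already sitting at that path and writes through it.
unsafe_write() {            # $1 = shared dir, $2 = data
    printf '%s\n' "$2" > "$1/build.tmp"
}

# Safer when the name must stay fixed: noclobber (set -C) makes the shell
# refuse to reuse an existing path, so a pre-placed symlink causes an error.
exclusive_write() {         # $1 = path, $2 = data
    ( set -C; umask 077; printf '%s\n' "$2" > "$1" ) 2>/dev/null
}

# Preferred: mktemp picks an unpredictable name, creates it exclusively,
# and mode 0600 keeps other local users from reading the contents.
private_write() {           # $1 = shared dir, $2 = data; prints the path
    ( umask 077
      f=$(mktemp "$1/build.XXXXXX") || exit 1
      printf '%s\n' "$2" > "$f" && printf '%s\n' "$f" )
}

# Constructed sandbox: a "victim" file plus a symlink already present at
# the predictable temp path, standing in for the race window.
make_sandbox() {            # prints the sandbox directory
    d=$(mktemp -d) || return 1
    mkdir "$d/shared" && printf 'original\n' > "$d/victim"
    ln -s "$d/victim" "$d/shared/build.tmp"
    printf '%s\n' "$d"
}

demo() {
    d=$(make_sandbox) || return 1
    unsafe_write "$d/shared" scratch
    echo "after unsafe_write:    victim = $(cat "$d/victim")"
    printf 'original\n' > "$d/victim"
    exclusive_write "$d/shared/build.tmp" scratch || echo "exclusive_write refused"
    echo "after exclusive_write: victim = $(cat "$d/victim")"
    f=$(private_write "$d/shared" scratch)
    echo "private_write created: $(ls -ld "$f" | cut -c1-10) ${f##*/}"
    rm -rf "$d"
}
demo
```

On Linux, the `fs.protected_symlinks` sysctl adds a kernel-level backstop for sticky world-writable directories such as `/tmp`, but scripts should still create their temporary files exclusively.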




