The PHP Security Blog has a new post with some of the PHP security updates that have been released in response to some of the problems recently announced.

Right in time for a scary halloween the phpBB project and the PHP project have released security updates. My advisories and a short article are released at the usual places.

Included in the list are:

• Advisory 17/2005: phpBB Multiple Vulnerabilities
• Advisory 18/2005: PHP Cross Site Scripting (XSS) Vulnerability in phpinfo()
• Advisory 20/2005: PHP File-Upload $GLOBALS Overwrite Vulnerability

And, the aforementioned article: $GLOBALS Overwrite and it's Consequences...