IBM i was never affected by (quickly patched) PHP floating point vulnerability

Yesterday an IBM i customer of ours emailed me an announcement he’d received from Zend concerning a vulnerability in PHP concerning floating point numbers. Zend also included instructions for installing their “hotfix.”

Fortunately, IBM i was never affected by this vulnerability, which stemmed from a “design flaw in the x87 floating point unit that is part of an old Intel X86 chipset,” affecting only Intel-based 32-bit PHP builds, according to this NetworkWorld article about the issue.

Here is a table supplied by Zend that shows which platforms were affected (emphasis on non-vulnerability of IBM i added by me):

Platform Vulnerability
Windows YES
Linux (using 32-bit PHP build) YES
Linux (using 64-bit PHP build) NO
1 reply

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *

For security, use of Google's reCAPTCHA service is required which is subject to the Google Privacy Policy and Terms of Use.

I agree to these terms.

This site uses Akismet to reduce spam. Learn how your comment data is processed.