IBM i was never affected by (quickly patched) PHP floating point vulnerability

Posted on January 5, 2011 by Alan Seiden

Yesterday an IBM i customer of ours emailed me an announcement he’d received from Zend concerning a vulnerability in PHP concerning floating point numbers. Zend also included instructions for installing their “hotfix.”

Fortunately, IBM i was never affected by this vulnerability, which stemmed from a “design flaw in the x87 floating point unit that is part of an old Intel X86 chipset,” affecting only Intel-based 32-bit PHP builds, according to this NetworkWorld article about the issue.

Here is a table supplied by Zend that shows which platforms were affected (emphasis on non-vulnerability of IBM i added by me):

Platform Vulnerability
Windows YES
Linux (using 32-bit PHP build) YES
Linux (using 64-bit PHP build) NO
Mac OS NO
IBM i NO
This entry was posted in IBM i, iSeries, PHP, System i, Zend Server. Bookmark the permalink.

One Response to IBM i was never affected by (quickly patched) PHP floating point vulnerability

  1. Alan Seiden says:
    January 6, 2011 at 3:55 pm

    My tests on v5r4 and v6r1 machines confirm that IBM i is not affected.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>