Please Install the Updated Packages.

The php-pecl-apc packages contain APC (Alternative PHP Cache), the framework for caching and optimization of intermediate PHP code. A cross-site scripting (XSS) flaw was found in the &quot apc.php&quot script, which provides a detailed analysis of the internal workings of APC and is shipped as part of the APC extension documentation. A remote attacker could possibly use this flaw to conduct a cross-site scripting attack. (CVE-2010-3294) Note: The administrative script is not deployed upon package installation. It must manually be copied to the web root (the default is &quot /var/www/html/&quot , for example). In addition, the php-pecl-apc packages have been upgraded to upstream version 3.1.9, which provides a number of bug fixes and enhancements over the previous version. (BZ#662655) All users of php-pecl-apc are advised to upgrade to these updated packages, which fix these issues and add these enhancements. If the &quot apc.php&quot script was previously deployed in the web root, it must manually be re-deployed to replace the vulnerable version to resolve this issue.

php-pecl-apc on CentOS 6

• http://lists.centos.org/pipermail/centos-announce/2012-July/018713.html

---

Updated on 2015-03-25