As reported last week, the very popular IUS repository had released updated PHP 5.3 packages that fix the PHP-CGI query string parameter vulnerability. However, we were still waiting for updated packages from Red Hat.
As it turns out, the PHP and PHP53 packages Red Hat provided for versions 5 and 6 of their enterprise Linux distribution several weeks ago were not affected by the second alert regarding the PHP-CGI query string parameter vulnerability.
If you have not already, I strongly suggest that you upgrade these packages on your system.
You can read more about this Red Hat’s reasoning for not releasing updated PHP packages after the initial packages released at the beginning on May 2012 here.