Mira pongo exactamente el correo urgente de parte de zend que me llegó:
A critical vulnerability in the most recent release of PHP has just been found (CVE-2012-0830). This exploit could allow arbitrary code to be remotely executed on a PHP system. This vulnerability is present both on PHP 5.3.9, and on PHP 5.2.17 that contains a backported fix for CVE-2011-4885.

Zend Server and Zend Server CE 5.6.0 users for Windows or Linux should apply the hotfix immediately:
Linux: run your package manager's update command (see the Zend Server Installation Guide for more details)
Windows: download Hotfix 2
Mac OS: Hotfix 2 is being finalized and will be available next week
(Note – Zend Server is not supported for production use on Mac OS)
IBM i systems running Zend Server 5.6.0 are not vulnerable to this exploit
Previous versions of Zend Server are not vulnerable to this exploit

Happy PHP'ing,
Zend - The PHP Company