I assume this is the correct forum to post.
I tried to search the forum for this first, but didn't find a match, excuse me if it's a double post or if it's in the wrong forum.
<- I assume it's safe to use them for package updates, if you're unsure you could use the official site:http://www.php.net/archive/2012.php#id2012-02-02-1
As for other distros, I don't know, perhaps others would chime in with instructions ?
I hope everybody updates and nobody has any problems because of this remote vulnerability, I don't know the specifics of the vulnerability.