Stefan Esser has released the latest version of his Suhosin security patch for PHP:

Yesterday I released Suhosin 0.9.17 in response to a bug report by Ilia Alshanetsky and some crash problems with PHP 4 that were reported during the last weeks.

The issue dealt with a method to "bypass the hard_memory_limit of Suhosin due to a bug in PHP" that could result in memory consumption up into the gigabyte range for a single script. The patch takes care of the issue by not allowing negative memory_limit settings, preventing the problem from happening.