As there is a official workaround which does not fit enough, you could use this from the heise(de) forum, as long as there aren't strong official PHP patches:
Timbalu wrote:Servers using Apache mod_cgi (php5-cgi) are affected by a vulnerability in certain CGI-based setups which shows a scripts sourcecode via a GET url.
Also note that FastCGI is usually not affected by this vulnerability, but depending on your hoster's setup, it could be affected. Apparently (I can't explain this better), you can run FastCGI in different ways. My old hoster offered to run it through an AddHandler statement in the user's .htaccess – that way, FastCGI PHP is still vulnerable to this (that's what their support says; I still have some client accounts there).