Newsroom

EasyApache 3.32.10 Released

SUMMARY
cPanel, Inc. has released EasyApache 3.32.10 with PHP versions 5.5.32 and 5.6.18. This release addresses vulnerabilities related to CVE-2015-8383, CVE-2015-8386, CVE-2015-8387, CVE-2015-8389, CVE-2015-8390, CVE-2015-8391, CVE-2015-8393, and CVE-2015-8394. We strongly encourage all PHP 5.5 users to version 5.5.32, and all PHP 5.6 users to upgrade to version 5.6.18.

AFFECTED VERSIONS

All versions of PHP 5.5 through version 5.5.31
All versions of PHP 5.6 through version 5.6.17

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2015-8383 – HIGH
PHP 5.5.32
Fixed bug in PCRE library related to CVE-2015-8383

PHP 5.6.18
Fixed bug in PCRE library related to CVE-2015-8383

CVE-2015-8386 – HIGH
PHP 5.5.32
Fixed bug in PCRE library related to CVE-2015-8386

PHP 5.6.18
Fixed bug in PCRE library related to CVE-2015-8386

CVE-2015-8387 – HIGH
PHP 5.5.32
Fixed bug in PCRE library related to CVE-2015-8387

PHP 5.6.18
Fixed bug in PCRE library related to CVE-2015-8387

CVE-2015-8389 – HIGH
PHP 5.5.32
Fixed bug in PCRE library related to CVE-2015-8389

PHP 5.6.18
Fixed bug in PCRE library related to CVE-2015-8389

CVE-2015-8390 – HIGH
PHP 5.5.32
Fixed bug in PCRE library related to CVE-2015-8390

PHP 5.6.18
Fixed bug in PCRE library related to CVE-2015-8390

CVE-2015-8391 – HIGH
PHP 5.5.32
Fixed bug in PCRE library related to CVE-2015-8391

PHP 5.6.18
Fixed bug in PCRE library related to CVE-2015-8391

CVE-2015-8393 – MEDIUM
PHP 5.5.32
Fixed bug in PCRE library related to CVE-2015-8393

PHP 5.6.18
Fixed bug in PCRE library related to CVE-2015-8393

CVE-2015-8394 – HIGH
PHP 5.5.32
Fixed bug in PCRE library related to CVE-2015-8394

PHP 5.6.18
Fixed bug in PCRE library related to CVE-2015-8394

SOLUTION
cPanel, Inc. has released EasyApache 3.32.10 with updated versions of PHP 5.5.32 and PHP 5.6.18. Unless you have disabled EasyApache updates, the EasyApache application updates to the latest version when launched. Run EasyApache to rebuild your profile with the latest version of PHP.

REFERENCES
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8383
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8386
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8387
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8389
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8390
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8391
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8393
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8394
http://php.net/ChangeLog-5.php

For the PGP-signed message, please see EA 3-32-10 CVE Signed.txt