-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

SUMMARY
cPanel, Inc. has released EasyApache 3.28.8 with PHP versions 5.4.40 and 5.5.24. This release addresses vulnerabilities related to CVE-2015-1351, CVE-2015-1352, CVE-2014-9709, CVE-2015-2301, and CVE-2015-2783. We strongly encourage all PHP 5.4 users to upgrade to version 5.4.40 and all PHP 5.5 users to upgrade to version 5.5.24.
 
AFFECTED VERSIONS
All versions of PHP 5.4 through version 5.4.39
All versions of PHP 5.5 through version 5.5.23
 
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
 
CVE-2015-1351 - HIGH

PHP 5.5.24
Fixed bug in the OPCache module related to CVE-2015-1351


CVE-2015-1352 - MEDIUM

PHP 5.4.40
Fixed bug in the postgres extension related to CVE-2015-1352

PHP 5.5.24
Fixed bug in the postgres extension related to CVE-2015-1352


CVE-2014-9709 - MEDIUM

PHP 5.4.40
Fixed bug in the GD library related to CVE-2014-9709


CVE-2015-2301 - HIGH

PHP 5.4.40
Fixed bug in the Phar extension related to CVE-2015-2301


CVE-2015-2783 - MEDIUM

PHP 5.4.40
Fixed bug in the Phar extension related to CVE-2015-2783

PHP 5.5.24
Fixed bug in the Phar extension related to CVE-2015-2783


SOLUTION
cPanel, Inc. has released EasyApache 3.28.8 with an updated version of PHP 5.4.40 and PHP 5.5.24. Unless you have disabled EasyApache updates, EasyApache updates automatically. Run EasyApache to rebuild your profile with the latest version of PHP.
 
REFERENCES
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1351
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1352
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9709
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2301
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2783
http://php.net/ChangeLog-5.php
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCAAGBQJVNOrtAAoJEJUhvtyr2U3fiiYP/2SGzWmOfNU5Rs1VPaMhWRXy
b4Doynin/38UhTgD8/hMLRWcssqHcgkcILjxtr/Ud2je2LaLRwvdK1uuWxQTRx+p
4tODje23Evtd0rDLzAr6NtGvFxa9wpTmq1MzN3llK82aA6DnDR6sE7qrvuGnaRDy
oPm5e5LPq75ukvFkZkzMgu5t6pFzifJjQNMonfiiv7cE/H2hXyhKwAB5QqeIUE2i
seyyC6FNPBWye6YQLizZm+zfXYXHiGZEifryquvY14KVuNZVhiQ9plhGHpWQfJ6I
h6TUYQJ10cyER/X3JEyJ/E9nE4xx45uvcWObiUuw0rzh/eMwLw8/cmgyCrl+7+rX
v6Nc5SvKnBIBN2TsP5k5w33Z1112pm3zUjOUybXS2yEdRK/Ceymv3E4FUY3r4HD7
SQiPjzhBdyzd/+jatkvMNIO2V6RUkE1DLQVh00v7RjqR0jiAMGU/ch4H44TVOUbU
PgkBAfSrtV95K5JDYRsNdEPnIqOq4H7lo/kmwwU9MfciYytBeRtAaR2du74ClW8U
ZOmuUpHajf9U6iYmx7hrGT9zGQ6+p/2t5+0VnPMXfAlstNdPdLT/q3ZMJg8pnNm1
O3a4Lndj7iPA1ode599Zu0ApXrtFh7DIzK/e/kBZ7tjoAT0PLTmtjsFhK6oYiOac
ILyk+TYa9r9CQyUNJXYk
=XPKH
-----END PGP SIGNATURE-----