-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

SUMMARY
cPanel, Inc. has released EasyApache 3.30.2 with PHP versions 5.4.42, 5.5.26, and 5.6.10. This release addresses vulnerabilities related to CVE-2015-2325, CVE-2015-2326, CVE-2015-3414, CVE-2015-3415, and CVE-2015-3416. We strongly encourage all PHP 5.4 users to upgrade to version 5.4.41, all PHP 5.5 users to version 5.5.25, and all PHP 5.6 users to upgrade to version 5.6.9. 
 
AFFECTED VERSIONS
All versions of PHP 5.4 through version 5.4.41
All versions of PHP 5.5 through version 5.5.25
All versions of PHP 5.6 through version 5.6.9
 
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
 
CVE-2015-2325 - MEDIUM

PHP 5.5.26
Update PCRE library to 8.37 to fix vulnerabilities related to CVE-2015-2325

PHP 5.6.10
Update PCRE library to 8.37 to fix vulnerabilities related to CVE-2015-2325


CVE-2015-2326 - MEDIUM

PHP 5.5.26
Update PCRE library to 8.37 to fix vulnerabilities related to to CVE-2015-2326

PHP 5.6.10
Update PCRE library to 8.37 to fix vulnerabilities related to to CVE-2015-2326


CVE-2015-3414 - HIGH

PHP 5.4.42
Update sqlite to 3.8.10.2 to fix vulnerabilities related to to CVE-2015-3414

PHP 5.5.26
Update sqlite to 3.8.10.2 to fix vulnerabilities related to to CVE-2015-3414

PHP 5.6.10
Update sqlite to 3.8.10.2 to fix vulnerabilities related to to CVE-2015-3414


CVE-2015-3415 - HIGH

PHP 5.4.42
Update sqlite to 3.8.10.2 to fix vulnerabilities related to to CVE-2015-3415

PHP 5.5.26
Update sqlite to 3.8.10.2 to fix vulnerabilities related to to CVE-2015-3415

PHP 5.6.10
Update sqlite to 3.8.10.2 to fix vulnerabilities related to to CVE-2015-3415


CVE-2015-3416 - HIGH

PHP 5.4.42
Update sqlite to 3.8.10.2 to fix vulnerabilities related to to CVE-2015-3416

PHP 5.5.26
Update sqlite to 3.8.10.2 to fix vulnerabilities related to to CVE-2015-3416

PHP 5.6.10
Update sqlite to 3.8.10.2 to fix vulnerabilities related to to CVE-2015-3416
 


SOLUTION
cPanel, Inc. has released EasyApache 3.30.2 with updated versions of PHP 5.4.42, PHP 5.5.26, and PHP 5.6.10. Unless you have disabled EasyApache updates, EasyApache updates automatically. Run EasyApache to rebuild your profile with the latest version of PHP.
 
REFERENCES
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2325
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2326
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3414
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3415
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3416
http://php.net/ChangeLog-5.php
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJVfufBAAoJEJUhvtyr2U3f3FYP/2BHOr504uRJi+5yzJxPl5GA
VeGysc+42RVwN0Oq78ynsh5lm9bqAS9umXrTMGkPnS6yL9fkItmZESrkBMx3rS2W
eEQaLrBU3xyVtHgQou4r2l8wVmVYebx0CTzgCWEcjOqN7Hv+qFzALhoGeV2wp69I
V1mSzgmS2ob2EsJ2QRJrC1JKgA2aZxdtmwjJZjVejR5O5+bzAODsADEL+3R1RX1r
0ALP3pvu31XrTFrHfqa1CNN4nKc80cyOIoCsx57ojFIYsAv7s5Jbty/PYuQO57bW
WLymW6m++Mo79zAg6W0nqfVoR61gcm2bF8++7bJ5vZpsn7vYcuu2JbVYpI7oMXnv
fyr+Nys5yr/wxS9HqsaZ4oN3JnSLK4fjWJSjrrMd2dMOTjxQWuq4kPjjcV43OPlw
PBx4TjppOqok1dujMq9zUVkoLi+0bW3jaKDvFI+yXZ7PMYfb5ibHuCHhDqni1vgf
OyhnNkA8+IAlfQLOsf2z6NYbR1nKNpVIUnxHoGbSEz3UrxypRBuszC/2VrddS4mp
J4Hdx/Z/hgvAdVvg/MMoEFxCWSByABZfQhwA7NHthg391GGjtAEtZcYV0XvBLriR
DesZD6Pho0+cfNlvVDovyd+jAQ1q2UatAsruZHsof66AU/w8GFBjly1BzZDoh0ZU
tR6N0SBJToE9WIEDKWNr
=4A5t
-----END PGP SIGNATURE-----