-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

SUMMARY
cPanel, Inc. has released updated RPMs for EasyApache 4 on May 3, 2016, with PHP versions 5.5.35, 5.6.21, and 7.0.6. This release addresses vulnerabilities related to CVE-2016-3074 and CVE-2016-3078. We strongly encourage all PHP 5.5 users to upgrade to version 5.5.35, all PHP 5.6 users to upgrade to version 5.6.21, and all PHP 7.0 users to upgrade to version 7.0.6.
 
AFFECTED VERSIONS

All versions of PHP 5.5 through version 5.5.34
All versions of PHP 5.6 through version 5.6.20
All versions of PHP 7.0 through version 7.0.5.
 
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
 
CVE-2016-3074 - MEDIUM
PHP 5.5.35
Fixed bug in the GD library related to CVE-2016-3074

PHP 5.6.21
Fixed bug in the GD library related to CVE-2016-3074

PHP 7.0.6
Fixed bug in the GD library related to CVE-2016-3074

CVE-2016-3078 - MEDIUM
PHP 7.0.6
Fixed bug in ZipArchive related to CVE-2016-3078


SOLUTION
cPanel, Inc. has released updated RPMs for EasyApache 4 on May 3, 2016, with updated versions of PHP 5.5.35, PHP 5.6.21, and PHP 7.0.6. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM's Run System Update interface.
 
REFERENCES
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3074
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3078
http://php.net/ChangeLog-5.php
http://www.php.net/ChangeLog-7.php
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJXJ5RxAAoJEJUhvtyr2U3fZFMP/jOnrMvE8s5NEfdt348j4OS3
iiOGzRXf8FlolN5J2Gi3x615eEsGxuxcz4/Q917NMAdyC7tNJcDrVOipdK3gXDvw
hLti1Im0WvTXREtmsLFUzgEWulruIxka6XtiK/lnmPwbqu66b3BP0KslG6EwOxYl
Hh5su6XVVjQfwct6+elYhFPD1zrJqYoSJJAqnQAr4b6oQR1d9hci30pSy0fGdp++
aiFEvC6GoOHWaeFJkKhH/66QOp46x6IPM5BnW5WcNe9VG+SQ4sw9GRgFC5RKyEev
qK6v+vOFFXuljyNjdiPSwnb6ieRGMk35k3DSF7JjwO8lyXi6MQCGH1h0ojILtnSB
G0YoWcaXBsIqvjCL8aU3bzZdAwJweAgibUsXynNNVXn4AHWgavdxYkymU0WLbmDA
Su4M3vVI5TXlbW7NB3IIhJJQ7Mjv+7neVKL87nZ8Rksi6AjA+XUV60cqHVv0RXkd
t+9ZAzLTVwfHvXUC3d93er/ei6ZIhd+3rfN+b5MFvEMu1KG8fUD1Y74q8Ela/Z7Y
rLVO4muubifeaykzPTHmq6U1sUNgskI5oDU0z/xjqCYdrlLcPDNWxHuWouBKMHTX
EoBleCBEPiYhWwH+RTCFuinSqckJ0mvVp+/TDAJaME8mlMkvYYGG9LO9VmidL3vm
7j/fP9oNgBSMuvG0FfpE
=6+n9
-----END PGP SIGNATURE-----