SUMMARY

cPanel, Inc. has released updated RPMs for EasyApache 4 on July 26, 2016, with PHP versions 5.5.38, 5.6.24, and 7.0.9. This release addresses vulnerabilities related to CVE-2016-5385, CVE-2016-6289, CVE-2016-5399, CVE-2016-6291, CVE-2016-6292, CVE-2016-6207, CVE-2016-6294, CVE-2016-6290, CVE-2016-6295, CVE-2016-6296, CVE-2016-6297, CVE-2015-8879, and CVE-2016-6288. We strongly encourage all PHP 5.5 users to upgrade to version 5.5.38, all PHP 5.6 users to upgrade to version 5.6.24, and all PHP 7.0 users to upgrade to version 7.0.9.

AFFECTED VERSIONS

All versions of PHP 5.5 through version 5.5.37
All versions of PHP 5.6 through version 5.6.23
All versions of PHP 5.6 through version 7.0.8

SECURITY RATING

The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2016-5385 - HIGH
PHP 5.5.38: Fixed bug in CORE module related to CVE-2016-5385
PHP 5.6.24: Fixed bug in CORE module related to CVE-2016-5385
PHP 7.0.9: Fixed bug in CORE module related to CVE-2016-5385

CVE-2016-6289 - MEDIUM
PHP 5.5.38: Fixed bug in CORE module related to CVE-2016-6289
PHP 5.6.24: Fixed bug in CORE module related to CVE-2016-6289
PHP 7.0.9: Fixed bug in CORE module related to CVE-2016-6289

CVE-2016-5399 - MEDIUM
PHP 5.5.38: Fixed bug in bz2 function related to CVE-2016-5399
PHP 5.6.24: Fixed bug in bz2 function related to CVE-2016-5399
PHP 7.0.9: Fixed bug in bz2 function related to CVE-2016-5399

CVE-2016-6291 - MEDIUM
PHP 5.5.38: Fixed bug in Exif extension related to CVE-2016-6291
PHP 5.6.24: Fixed bug in Exif extension related to CVE-2016-6291
PHP 7.0.9: Fixed bug in Exif extension related to CVE-2016-6291

CVE-2016-6292 - MEDIUM
PHP 5.5.38: Fixed bug in Exif extension related to CVE-2016-6292
PHP 5.6.24: Fixed bug in Exif extension related to CVE-2016-6292
PHP 7.0.9: Fixed bug in Exif extension related to CVE-2016-6292

CVE-2016-6207 - MEDIUM
PHP 5.5.38: Fixed bug in GD library related to CVE-2016-6207
PHP 5.6.24: Fixed bug in GD library related to CVE-2016-6207
PHP 7.0.9: Fixed bug in GD library related to CVE-2016-6207

CVE-2016-6294 - MEDIUM
PHP 5.5.38: Fixed bug in Intl extension related to CVE-2016-6294
PHP 5.6.24: Fixed bug in Intl extension related to CVE-2016-6294
PHP 7.0.9: Fixed bug in Intl extension related to CVE-2016-6294

CVE-2016-6290 - MEDIUM
PHP 5.5.38: Fixed bug in CORE module related to CVE-2016-6290
PHP 5.6.24: Fixed bug in CORE module related to CVE-2016-6290
PHP 7.0.9: Fixed bug in Session module related to CVE-2016-6290

CVE-2016-6295 - MEDIUM
PHP 5.5.38: Fixed bug in SNMP extension related to CVE-2016-6295
PHP 5.6.24: Fixed bug in SNMP extension related to CVE-2016-6295
PHP 7.0.9: Fixed bug in SNMP extension related to CVE-2016-6295

CVE-2016-6296 - MEDIUM
PHP 5.5.38: Fixed bug in XMLRPC extension related to CVE-2016-6296
PHP 5.6.24: Fixed bug in XMLRPC extension related to CVE-2016-6296
PHP 7.0.9: Fixed bug in XMLRPC extension related to CVE-2016-6296

CVE-2016-6297 - MEDIUM
PHP 5.5.38: Fixed bug in Zip extension related to CVE-2016-6297
PHP 5.6.24: Fixed bug in Zip extension related to CVE-2016-6297
PHP 7.0.9: Fixed bug in Zip extension related to CVE-2016-6297

CVE-2015-8879 - HIGH
PHP 5.5.38: Fixed bug in ODBC function related to CVE-2015-8879
PHP 5.6.24: Fixed bug in ODBC function related to CVE-2015-8879

CVE-2016-6288 - MEDIUM
PHP 5.5.38: Fixed bug in CORE module related to CVE-2016-6288

SOLUTION

cPanel, Inc. has released updated RPMs for EasyApache 4 on July 26, 2016, with updated versions of PHP 5.5.38, 5.6.24, and 7.0.9. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM's Run System Update interface.

REFERENCES

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5385
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6289
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5399
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6291
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6292
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6207
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6294
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6290
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6295
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6296
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6297
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6288
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8879
http://php.net/ChangeLog-5.php
http://www.php.net/ChangeLog-7.php