cPanel, Inc. has released EasyApache 3.26.3 with PHP version 5.5.15, Libxslt version 1.1.28 and Libxml2 version 2.9.1. This release addresses PHP vulnerability CVE-2014-4670 by fixing a bug in the SPL component, CVE-2012-6139 by fixing a bug in Libxslt, and fixes bugs in Libxml2 to address the following CVEs: CVE-2012-5134, CVE-2013-0338, CVE-2013-0339, CVE-2013-1969, and CVE-2013-2877. We encourage all PHP 5.5 users to upgrade to PHP version 5.5.15, and all users to upgrade to Libxslt version 1.1.28 and Libxml2 version 2.9.1.
All versions of PHP 5.5 before 5.5.15.
All versions of Libxslt before 1.1.28.
All versions of Libxml2 before 2.9.1.
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
CVE-2014-4670 – MEDIUM
Fixed a bug in the SPL component related to CVE-2014-4670.
CVE-2012-6139 – MEDIUM
Fixed a bug in the Libxslt library related to CVE-2012-6139.
CVE-2012-5134 – MEDIUM
Fixed an out of bound access bug in the Libxml2 library related to CVE-2012-5134.
CVE-2013-0338 – MEDIUM
Fixed a bug in the Libxml2 library related to CVE-2013-0338.
CVE-2013-0339 – MEDIUM
Fixed a bug in the Libxml2 library related to CVE-2013-0339.
CVE-2013-1969 – HIGH
Fixed buffer conversion bugs related to CVE-2013-1969.
CVE-2013-2877 – MEDIUM
Fixed a bug in the Libxml2 library related to CVE-2013-2877.
cPanel, Inc. has released EasyApache 3.26.3 with updated versions of PHP 5.5, Libxslt and Libxml2 to correct these issues. Unless you have disabled EasyApache updates, EasyApache updates automatically. Run EasyApache to rebuild your profile with the latest versions of PHP, Libxslt and Libxml2.
For the PGP-signed message, see ea 3-26-3 CVE-signed.