SUMMARY

The PHP development team announces the immediate availability of PHP 5.4.18. About 30 bugs were fixed, including security issues CVE-2013-4113 and CVE-2013-4248. All users of PHP are encouraged to upgrade to this release. cPanel has released EasyApache 3.22.5 with this updated version of PHP 5.4.18 to address these issues.

AFFECTED VERSIONS

All versions of PHP5 before 5.4.18

SECURITY RATING

The National Vulnerability Database (NIST) has assigned the following severity ratings to these CVEs:

CVE-2013-4113 -- MEDIUM
CVE-2013-4248 -- MEDIUM

PHP 5.4.18

CVE-2013-4113: ext/xml/xml.c in PHP before 5.3.27 (also 5.4.x) does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function.

CVE-2013-4248: The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

SOLUTION

cPanel, Inc. has released EasyApache 3.22.5 with an updated version of PHP 5.4 to correct these issues. To update, please rebuild your EasyApache profile. For more information on rebuilding profiles, please consult our documentation (http://go.cpanel.net/ea).

Unless EasyApache updates are disabled on your system, the latest version of EasyApache will be used whenever EasyApache is run. Note that EasyApache updates must be done manually.

REFERENCES

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4248
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4113
http://www.php.net/ChangeLog-5.php#5.4.18
http://php.net/archive/2013.php#id2013-08-15-1
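
The failure mode behind CVE-2013-4248, as an added example that is not part of the advisory and is not PHP's own code: a simplified C model of a length-prefixed Subject Alternative Name handled as a C string versus compared over its encoded length. The `san_name` type, the function names and the sample hostnames are assumptions constructed for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Length-prefixed name, the way a dNSName is carried in a certificate.
   Hypothetical type for this example, not an OpenSSL or PHP structure. */
struct san_name { const char *data; size_t len; };

/* Case-insensitive comparison of exactly n bytes. */
static int eq_nocase(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Weak form: the bytes are treated as a C string, so the name appears to
   end at the first NUL and anything after it is silently dropped. */
int san_matches_unsafe(const struct san_name *san, const char *host)
{
    size_t seen = strlen(san->data);
    return seen == strlen(host) && eq_nocase(san->data, host, seen);
}

/* Hardened form: refuse any name with an embedded NUL, then compare over
   the encoded length rather than the C-string length. */
int san_matches_safe(const struct san_name *san, const char *host)
{
    if (memchr(san->data, '\0', san->len) != NULL)
        return 0;
    return san->len == strlen(host) && eq_nocase(san->data, host, san->len);
}

/* Constructed sample values (not taken from any real certificate). */
static const char crafted_bytes[] = "www.example.com\0.untrusted.example";
static const char clean_bytes[] = "www.example.com";
const struct san_name crafted = { crafted_bytes, sizeof crafted_bytes - 1 };
const struct san_name clean = { clean_bytes, sizeof clean_bytes - 1 };

int main(void)
{
    printf("unsafe, crafted: %d\n", san_matches_unsafe(&crafted, "www.example.com"));
    printf("safe,   crafted: %d\n", san_matches_safe(&crafted, "www.example.com"));
    printf("safe,   clean:   %d\n", san_matches_safe(&clean, "www.example.com"));
    return 0;
}
```

The weak comparison accepts the constructed name for www.example.com, while the length-aware check rejects it and still accepts the clean name.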