-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUMMARY cPanel, Inc. has released EasyApache 3.22.25 with PHP versions 5.3.28, 5.4.23, and 5.5.7. This release addresses PHP vulnerabilities CVE-2013-4073 and CVE-2013-6420 by fixing bugs in the OpenSSL module. We encourage all PHP users to upgrade to PHP versions 5.3.28, 5.4.23, and 5.5.7. AFFECTED VERSIONS All versions of PHP 5.3 before 5.3.28. All versions of PHP 5.4 before 5.4.23. All versions of PHP 5.5 before 5.5.7. SECURITY RATING The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs: CVE-2013-4073 - MEDIUM PHP 5.3.28 Fixed bug in the OpenSSL module related to CVE-2013-4073. CVE-2013-6420 - MEDIUM PHP 5.3.28 Fixed bug in the OpenSSL module related to CVE-2013-6420. PHP 5.4.23 Fixed bug in the OpenSSL module related to CVE-2013-6420. PHP 5.5.7 Fixed bug in the OpenSSL module related to CVE-2013-6420. SOLUTION cPanel, Inc. has released EasyApache 3.22.25 with updated versions of PHP 5.3, 5.4, and 5.5 to correct these issues. Unless you have disabled EasyApache updates, EasyApache updates automatically. Run EasyApache to rebuild your profile with the latest version of PHP. REFERENCES http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4073 http://www.php.net/ChangeLog-5.php#5.3.28 -----BEGIN PGP SIGNATURE----- iQIcBAEBAgAGBQJSrw63AAoJEJUhvtyr2U3fszMP/11fVhMqCY4oUO7AQ4IWdrVc 6nLm0UUkn1qqVDHCCVlng/1EkkzQ+YRVTKzu+Ina00w1pRQQ5cemhtBYeorHo8ZF /wsvRDq9LEDax83cjiBclOx3GYsNVbvplOegrrdL+IZzoQAD1nvjzmMcuvHStE0+ qEPBw+xTQ0QB20Rv42iGxXi3xrwLzYLlj7QedGWxKRgbj2BhtqGBQ6CL/Skw9LfC 8vrSVrW8AIkZlXb4iUmrPhl5W5w+YHtZT7rVXTaA4LZQ1VEeK8Aqf1is1Ar/CnZK d+fy7pWWgQPRG1Yv8FZWXEbVSqGRIfSj/roz8N8tc5bDssetRl9qypCcK/mqeUPr RlftF6mofc3lChkfcXSJqtssCFtQk/fyHsKAraHn0igFlFhU0qqvwEZzNYAo1nCi hUmW6h6DRChq+2k9h1Y8Q0kaBWgc38yZ44s6+oKg3O/XJpJ9COqk6NhUFrRFjZ4r D1JehC+VFveoTB4BQVINy3uIFRbx7i4aPyb6mmYf9KHFWCvYN01whrFrHhvrGl9d pKIYuskQrPZNJ4nsZ3j7jnWE5MZcukm2uwwXcrTIcX2qZENuKTnaLQ8/qcjwby9C M99S4yOy7ipJKDNLrTpIsDnAaYX6gVajKesZ+5kXT1cA63keI1Un+LvaSP2n+jCL oBxhjnjFGuWS9qhV903M =UDVd -----END PGP SIGNATURE-----