-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
SUMMARY
cPanel, Inc. has released EasyApache 3.24.19 with PHP versions 5.5.13 and 5.4.29. This release addresses the PHP vulnerabilities CVE-2014-0237 and CVE-2014-0238 with fixes to bugs in the fileinfo extension. We encourage all PHP users to upgrade to PHP version 5.5.13 or PHP version 5.4.29.
AFFECTED VERSIONS
All versions of PHP version 5.5 before 5.5.13.
All versions of PHP version 5.4 before 5.4.29.
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
CVE-2014-0237 - MEDIUM
PHP 5.5.13
Fixed bug in the fileinfo extension related to CVE-2014-0237.
PHP 5.4.29
Fixed bug in the fileinfo extension related to CVE-2014-0237.
CVE-2014-0238 - MEDIUM
PHP 5.5.13
Fixed bug in the fileinfo extension related to CVE-2014-0238.
PHP 5.4.29
Fixed bug in the fileinfo extension related to CVE-2014-0238.
SOLUTION
cPanel, Inc. has released EasyApache 3.24.19 with the updated versions of PHP 5.4 and 5.5 to correct these issues. Unless you have disabled EasyApache updates, EasyApache will include the latest versions of PHP automatically. Run EasyApache to rebuild your profile with the latest version of PHP.
REFERENCES
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0237
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0238
http://www.php.net/ChangeLog-5.php#5.4.29
http://www.php.net/ChangeLog-5.php#5.5.13
-----BEGIN PGP SIGNATURE-----iQIcBAEBCgAGBQJTjMAsAAoJEJUhvtyr2U3f3MQP/1M0KCFEpjWfnzAcuUJfV93igaRdJCfbTL8VEVLLCHOG2ITcnfOv0zqZg12BKHq0ClW/OHf0bS8BDi0mI/kQC3GYj2B/9TM1wf7ajcyCjmJesQwvc56QcIrQ7EM0FbJNb63ifmIjiqyQ+GjH4VkjSghz3c6hwvrRzmOJFhc9k6o99jaJACic8+HV4eARUzkhykIN3YmedutAy2zUhai5bPLe8xz26sNfK1aitoIr1HSkZ8iFOMzWPNWpkTRaInWkvynpDss67mD9YoVf5qiI3qt1p9AUL1qnpIXu+YyQ/BMSm53V6UEo6VZgh3DpFjpYMsMdRs87btoZsrnRwHwlwV74XgEdeYc/01EUpCJx+yMNnWf5gUYjcc2/WUOC64jGoMFtQyvqq+iT9fJTsivQFN9FaIi2bLNfkrhpZuRK81JwN9Y2nl/IO0vuurq8j1ElU+KZfY7YOcuaEdAl55E2hdoML+Y/iKgsb5sQrSz62xvfDw6HB91ljouMRaYs4CnP/17qxxBU929HfvweV1XDZnRJ8mn9DUZ3GLKGxK+xCmaORwiy2VcWrEpGnN+Iz4jSPqyFO9aVUER6UiCqN8CSCu5fANkwSVEWBbbDnlYaqltcEx1YmVG0kvOXYYHqmveJa2nppx0tMnMRAgtF1oUrKXiDO/dXqMluzPZXe1TRx3Wd=sooP-----END PGP SIGNATURE-----