-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 SUMMARY cPanel, Inc. has released EasyApache 3.26.3 with PHP version 5.5.15, Libxslt version 1.1.28 and Libxml2 version 2.9.1. This release addresses PHP vulnerability CVE-2014-4670 by fixing a bug in the SPL component, CVE-2012-6139 by fixing a bug in Libxslt, and fixes bugs in Libxml2 to address the following CVEs: CVE-2012-5134, CVE-2013-0338, CVE-2013-0339, CVE-2013-1969, and CVE-2013-2877. We encourage all PHP 5.5 users to upgrade to PHP version 5.5.15, and all users to upgrade to Libxslt version 1.1.28 and Libxml2 version 2.9.1. AFFECTED VERSIONS All versions of PHP 5.5 before 5.5.15. All versions of Libxslt before 1.1.28. All versions of Libxml2 before 2.9.1. SECURITY RATING The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs: CVE-2014-4670 - MEDIUM PHP 5.5.15 Fixed a bug in the SPL component related to CVE-2014-4670. CVE-2012-6139 - MEDIUM Libxslt 1.1.28 Fixed a bug in the Libxslt library related to CVE-2012-6139. CVE-2012-5134 - MEDIUM Libxml2 2.9.1 Fixed an out of bound access bug in the Libxml2 library related to CVE-2012-5134. CVE-2013-0338 - MEDIUM Libxml2 2.9.1 Fixed a bug in the Libxml2 library related to CVE-2013-0338. CVE-2013-0339 - MEDIUM Libxml2 2.9.1 Fixed a bug in the Libxml2 library related to CVE-2013-0339. CVE-2013-1969 - HIGH Libxml2 2.9.1 Fixed buffer conversion bugs related to CVE-2013-1969. CVE-2013-2877 - MEDIUM Libxml2 2.9.1 Fixed a bug in the Libxml2 library related to CVE-2013-2877. SOLUTION cPanel, Inc. has released EasyApache 3.26.3 with updated versions of PHP 5.5, Libxslt and Libxml2 to correct these issues. Unless you have disabled EasyApache updates, EasyApache updates automatically. Run EasyApache to rebuild your profile with the latest versions of PHP, Libxslt and Libxml2. REFERENCES http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4670 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6139 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5134 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0338 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0339 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1969 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2877 http://php.net/ChangeLog-5.php#5.5.15 http://xmlsoft.org/ChangeLog.html http://xmlsoft.org/Libxslt/ChangeLog.html -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJT07I/AAoJEJUhvtyr2U3fdUcP/Rj+Ke7IlFjAIP3W5u6gDO4M Bbm46r7HOLGFeyqxAZYCcjs0WSn+ifJRQBAClueTnYYbxel4LfWxuEAkuH1Wrx+a OqEJgGB8ljK9rIkEZDlFYbymioLXARqy1SN2GclLZtC71RcwhEv7HWysKuHwxPve hoOrCDax0VodBMBZDshauNeFVX+KEQAPiY8zNxT6yztGmRkiZXQyr1qAZt8tFJAe QcecbR9QzmLfi6ByVsQWzX/Z67eh8M4ncS1tkvMlnpMfbXUb7EcsKvscqExVbkv+ qscFbCf89sEduZ8cOnjN96rBjQZBfg0V5CEyruNLkghBcHZSsYMB0urUAoi8r34D GG54lBmiPjI3583P+Xk5A9/rzAUxCn85RdHqsOHMbWELYViSTBUSiXoUl+Onx9PE C9Ht4Km0Q2SreFuTG66ZPuzH216cducJz1NQRp4FA0hU4QMpkByJ5tBsVGguJ40i ZL6CmQLVoNWh/MTqqO4qtMobUI+Vmr3G71OVkP+SbjCzcvwuUNRb7czSG8Oscn2D iII/lOj6n3webp7V7xA+tu4Hd1/HTs+VyPTASyxprWGfNz7jd7Sh9Jf5zXK8yAFS +APG2Uga0zmmnymbdOWMRbU+889X/pFqcp/kjBTU4YZfithprc8yf4lqSjhkxyTD zCfB2D6v9jW8PnjlVg6Z =M0Px -----END PGP SIGNATURE-----