-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

SUMMARY
cPanel, Inc. has released EasyApache 3.28.2 with PHP versions 5.4.37 and 5.5.21. This release addresses vulnerabilities related to CVE-2015-0231, CVE-2014-9427, and CVE-2015-0232 by fixing bug in the Core module, Exif extension, and CGI. We strongly encourage all PHP 5.4 users to upgrade to version 5.4.37 and all PHP 5.5 users to upgrade to version 5.5.21.
 
AFFECTED VERSIONS
All versions of PHP 5.4 through version 5.4.36
All versions of PHP 5.5 through version 5.5.20
 
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
 
CVE-2015-0231 - MEDIUM

PHP 5.4.37
Fixed bug in the Core module related to CVE-2015-0231

PHP 5.5.21 
Fixed bug in the Core module related to CVE-2015-0231

CVE-2014-9427 - HIGH

PHP 5.4.37
Fixed bug in CGI related to CVE-2014-9427

PHP 5.5.21
Fixed bug in CGI related to CVE-2014-9427


CVE-2015-0232 - MEDIUM

PHP 5.4.37
Fixed bug in Exif related to CVE-2015-0232

PHP 5.5.21
Fixed bug in Exif related to CVE-2015-0232


SOLUTION
cPanel, Inc. has released EasyApache 3.28.2 with an updated version of PHP 5.4.37 and PHP 5.5.21. Unless you have disabled EasyApache updates, EasyApache updates automatically. Run EasyApache to rebuild your profile with the latest version of PHP.
 
REFERENCES
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0231
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9427
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0232
http://php.net/ChangeLog-5.php
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJUwxP0AAoJEJUhvtyr2U3favYP/jB33XG8K4j4qKOdAQ5zDgv6
0JeVDkj+cDSualGmUGl2caS/WBFTaJrgKkcraiYO2gmObKdN/HMEaEnrcHWjKctz
P1cQCO8vPfyURTHmAoHZoGpMlRCDkeKgZ66LF6PDUteOUpTJ0XOXJgf+NQ0eXA08
hZk7vx2Ge5C7k9jUGHZ5VpvZ8YJsvye1qGl8YJiROrArWl1jZDDc+C+volpXIfD5
SHjlb2X4pg89nodjT7eQT6aAnv5KIF3cZMRZaU48E6rkTHMWDeJuBZHWr8lU5dtB
IVdGPZHXnuuTf+Np4jiDwGPEJaHsrpI8dRHU1UcAhU/7XCbhppxngXWE7p0Hlyza
1xqWr/wMeU1m+DpCxLwhFxzFbv97eQqiY5KXzxjPjHrgFJ1z/LScVVF8eI/wO63t
0Kue80SURjEa5I7mS00UTLhycQLRd1Fq3mLvS7bUhgKC6OmuT/YbiGgsATxNVFQr
rwN1u05WhnThKHZhxE06ivdoZY2JVAdbMT9XyIflBcXDUUf/R57GpdeQi63FcJmm
lNHmyRB6rjppjIRLStlE4SABt//aXEnQLszjIWTncyNoG546/EJYyb7C8iuY12Fr
9zVm0D8rfuBl6LsU2J8GT9EIl+3Y7n2j7hqE7UGUlpNZCq0lbzKHgcfBYFKzzEWR
3IvSh1vG2nhVncoPfnS/
=GBF5
-----END PGP SIGNATURE-----