-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

SUMMARY
cPanel, Inc. has released EasyApache 3.32.14 with PHP versions 5.5.36 and 5.6.22. This release addresses vulnerabilities related to CVE-2016-5096, CVE-2016-5094, CVE-2013-7456, CVE-2016-5093, and CVE-2016-4343. We strongly encourage all PHP 5.5 users to version 5.5.36, and all PHP 5.6 users to upgrade to version 5.6.22. 
 
AFFECTED VERSIONS

All versions of PHP 5.5 through version 5.5.35
All versions of PHP 5.6 through version 5.6.21
 
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
 
CVE-2016-5096 - MEDIUM
PHP 5.5.36
Fixed bug in the Core module related to CVE-2016-5096

PHP 5.6.22
Fixed bug in the Core module related to CVE-2016-5096

CVE-2016-5094 - MEDIUM
PHP 5.5.36
Fixed bug in the Core module related to CVE-2016-5094

PHP 5.6.22
Fixed bug in the Core module related to CVE-2016-5094

CVE-2013-7456 - MEDIUM
PHP 5.5.36
Fixed bug in the GD library related to CVE-2013-7456

PHP 5.6.22
Fixed bug in the GD library related to CVE-2013-7456

CVE-2016-5093 - MEDIUM
PHP 5.5.36
Fixed bug in the Intl module related to CVE-2016-5093

PHP 5.6.22
Fixed bug in the Intl related to CVE-2016-5093

CVE-2016-4343 - HIGH
PHP 5.5.36
Fixed bug in the phar module related to CVE-2015-8390



SOLUTION
cPanel, Inc. has released EasyApache 3.32.14 with updated versions of PHP 5.5.36 and PHP 5.6.22. Unless you have disabled EasyApache updates, the EasyApache application updates to the latest version when launched. Run EasyApache to rebuild your profile with the latest version of PHP.
 
REFERENCES
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5096
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5094
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7456
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5093
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4343
http://php.net/ChangeLog-5.php
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJXTZYBAAoJEJUhvtyr2U3faCwQAIshNqiTte8sNaU4TLnIaNXu
UwFWQDY52l41E/sQUJJ0AIMMl3lUHvWMKeZjtnWaBxG4htmG/Ux0QmcPWcVKsGzS
sayH2QqAfWGW51EIyX0LZ5p/Rto9wRfYCc/aaOm36K5BVPA5s+1iioMHfLwV5Fsf
z2ZJCFxaNoexZ9OWduvXF6FtljVNJDFp1cPscL/DPYFh5ih2rX9qY2OV5FpyrHdi
SmziUvzXXNtEI9bn/JDGqAkGwhFBBIIUbBX8SZlVnoVwF6d1gcpiNUB0ySZwbx3i
lHvbLB6gF2sF9qL4s8LSLVfxEpSOoSlLK/VboqdIS+nUxOnsrR7Kt/BEccvk6KlK
+N4JBO20B9Vo+JFPj3/s7awjN/u+am0VnE3CAnwrjE3yA7DDINhnEFG2Jlvqoz6a
VcIcOWKMFw/9Lj0byrt8tg4mK0pvl18DzB2CZx2mMYumijaIsIlJI102VpHJbisN
Cu/Y0BeRf5mxWEk1RhbnpJeXpyt7TZlzDqOo+LQ52D9olIDwjx/xaYwruoUiChlT
F0BufNMo5XH3iUaa/ZDooQ2x7ruOTZWr1fJMxSWS3s3lbGcxCQ1NtJrOSI9KDHOn
LgzrG9iqUjsv93rVpDlxpUTJkD6F9MP8dfHqdnHSfmV3iIm7DRlSWI2vZv5BAMqE
ooxXC5JXWKDQeHDCCd9u
=3yoe
-----END PGP SIGNATURE-----