-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

SUMMARY
cPanel, Inc. has released updated RPMs for EasyApache 4 on May 31, 2016, with PHP versions 5.5.36, 5.6.22, and 7.0.7. This release addresses vulnerabilities related to CVE-2016-5096, CVE-2016-5094, CVE-2013-7456, CVE-2016-5093,  and CVE-2016-4343. We strongly encourage all PHP 5.5 users to upgrade to version 5.5.35, all PHP 5.6 users to upgrade to version 5.6.21, and all PHP 7.0 users to upgrade to version 7.0.6.
 
 
AFFECTED VERSIONS

All versions of PHP 5.5 through version 5.5.35
All versions of PHP 5.6 through version 5.6.21
 
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
 
CVE-2016-5096 - MEDIUM
PHP 5.5.36
Fixed bug in the Core module related to CVE-2016-5096

PHP 5.6.22
Fixed bug in the Core module related to CVE-2016-5096

CVE-2016-5094 - MEDIUM
PHP 5.5.36
Fixed bug in the Core module related to CVE-2016-5094

PHP 5.6.22
Fixed bug in the Core module related to CVE-2016-5094

CVE-2013-7456 - MEDIUM
PHP 5.5.36
Fixed bug in the GD library related to CVE-2013-7456

PHP 5.6.22
Fixed bug in the GD library related to CVE-2013-7456

PHP 7.0.7
Fixed bug in the GD library related to CVE-2013-7456

CVE-2016-5093 - MEDIUM
PHP 5.5.36
Fixed bug in the Intl module related to CVE-2016-5093

PHP 5.6.22
Fixed bug in the Intl related to CVE-2016-5093

PHP 7.0.7
Fixed bug in the Intl related to CVE-2016-5093

CVE-2016-4343 - HIGH
PHP 5.5.36
Fixed bug in the phar module related to CVE-2015-8390


SOLUTION
cPanel, Inc. has released updated RPMs for EasyApache 4 on May 31, 2016, with updated versions of PHP 5.5.36, PHP 5.6.22, and PHP 7.0.7. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM's Run System Update interface.
 
REFERENCES
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5096
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5094
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7456
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5093
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4343
http://php.net/ChangeLog-5.php
http://www.php.net/ChangeLog-7.php
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJXTZXnAAoJEJUhvtyr2U3f1rgP/RC9K1DlDgfGMSx5L4TxyQF/
FSNGVUEvyIP9Blq7h+rNjWOPFx+62jZVDZpYCS5ZNmKdl/5ddtvG39PYHn+AtD56
cxvypfqmZGw/twm7wL5gVRuAya0KCT8gVjgbxdFQ3+ebJiTSigGUP0RbzIEVShN3
F5QQz+mj6144nxSO7emFlDoOQrFzGnycySZAiEXsh/T5cxI+IO2O76aOvk2swuNY
48XAEAkBj8ldRZDw1IpF90c2HyFjaigt4IFrdnwQRfSwov/0n7TaVLk4rijXlxK/
AG7cX027SXed0RIJWDkp8uXxU2HRXW797O5XwnSeq9/41bmNSkwD+Fc+sjc/hjcv
b9oGyNF+BFGg5gj8y+/DalezIJJ+zp2BD0t0aWkAiZbsclyktSUslzfRSbJYgzXu
RApr+li4rgGYhsmYGwpkRh3KZF4LRtj4JX+0xN87Vr5mSB3VQiZusf2xwJZZ5HXw
RWX+lSYt8OxDd8cTpWr15QJin6zTLwGtBGWHWqxteyw0STuKbUrJazmbbL2cYbWk
ch0y3S4zRb0Al9UQUncx3c8Q/KoJxr3r2K54/PFyNlOtcrMSuosZWyQ39yi94SZ7
PHSXEAJ7Z93CL1FaERlc2+JVCp/Ogt/VPuPyHiFw6OB/cMbnKjs9fl2yFLaBwA9f
kAZSRxkORNuAFTKgRjw5
=D0BV
-----END PGP SIGNATURE-----