-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

SUMMARY
cPanel, Inc. has released EasyApache 3.34.3 with PHP versions 5.5.38 and 5.6.24. This release addresses vulnerabilities related to CVE-2016-5385. We strongly encourage all PHP 5.5 users to upgrade to version 5.5.38 and all PHP 5.6 users to upgrade to version 5.6.24. 
 
AFFECTED VERSIONS

All versions of PHP 5.5 through version 5.5.37
All versions of PHP 5.6 through version 5.6.23
 
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
 
CVE-2016-5385 - HIGH
PHP 5.5
Fixed bug in CORE module related to CVE-2016-5385

PHP 5.6
Fixed bug in CORE module related to CVE-2016-5385

CVE-2016-6289 - MEDIUM
PHP 5.5.38
Fixed bug in CORE module related to CVE-2016-6289

PHP 5.6.24
Fixed bug in CORE module related to CVE-2016-6289


CVE-2016-5399 - MEDIUM
PHP 5.5.38
Fixed bug in bz2 function related to CVE-2016-5399

PHP 5.6.24
Fixed bug in bz2 function related to CVE-2016-5399


CVE-2016-6291 - MEDIUM
PHP 5.5.38
Fixed bug in Exif extension related to CVE-2016-6291

PHP 5.6.24
Fixed bug in Exif extension related to CVE-2016-6291


CVE-2016-6292 - MEDIUM
PHP 5.5.38
Fixed bug in Exif extension related to CVE-2016-6292

PHP 5.6.24
Fixed bug in Exif extension related to CVE-2016-6292


CVE-2016-6207 - MEDIUM
PHP 5.5.38
Fixed bug in GD library related to CVE-2016-6207

PHP 5.6.24
Fixed bug in GD library related to CVE-2016-6207


CVE-2016-6294 - MEDIUM
PHP 5.5.38
Fixed bug in Intl extension related to CVE-2016-6294

PHP 5.6.24
Fixed bug in Intl extension related to CVE-2016-6294


CVE-2016-6290 - MEDIUM
PHP 5.5.38
Fixed bug in CORE module related to CVE-2016-6290

PHP 5.6.24
Fixed bug in CORE module related to CVE-2016-6290


CVE-2016-6295 - MEDIUM
PHP 5.5.38
Fixed bug in SNMP extension related to CVE-2016-6295

PHP 5.6.24
Fixed bug in SNMP extension related to CVE-2016-6295


CVE-2016-6296 - MEDIUM
PHP 5.5.38
Fixed bug in XMLRPC extension related to CVE-2016-6296

PHP 5.6.24
Fixed bug in XMLRPC extension related to CVE-2016-6296


CVE-2016-6297 - MEDIUM
PHP 5.5.38
Fixed bug in Zip extension related to CVE-2016-6297

PHP 5.6.24
Fixed bug in Zip extension related to CVE-2016-6297


CVE-2015-8879 - HIGH
PHP 5.5.38
Fixed bug in ODBC function related to CVE-2015-8879

PHP 5.6.24
Fixed bug in ODBC function related to CVE-2015-8879


CVE-2016-6288 - MEDIUM
PHP 5.5.38
Fixed bug in CORE module related to CVE-2016-6288


SOLUTION
cPanel, Inc. has released EasyApache 3.34.3 with updated versions of PHP 5.5.38 and 5.6.24. Unless you have disabled EasyApache updates, the EasyApache application updates to the latest version when launched. Run EasyApache to rebuild your profile with the latest version of PHP.
 
REFERENCES
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5385
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6289
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5399
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6291
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6292
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6207
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6294
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6290
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6295
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6296
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6297
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6288
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8879
http://php.net/ChangeLog-5.php
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJXln0FAAoJEJUhvtyr2U3fTiMQAIbHSdbB5Tu4uzpFU/JVQvwg
UWQ1pkV08a4ZtVREIFu1noap0k8kAIVUgyhyurVnQQLxbhdtSItFBHnGQVX7YX2m
d9f6KexSE6omHgkomHTuj2M4C3wl5SKiJq1//aCbAjo/vsF/l039UlAx2/b0Blb1
aE6/w+dU1wlw3l6M7xmvBjLwzHkB/VStU6w3+o0YN9TLZwUpgX6jKbcbHSJECCk3
DcRPnyt4Q8AbETtHRjTJjrcompoURT2ztzO3Z8Q1bWWmg1dHZkNYtJixiUbd2coN
06k/9SPMlMTMPzeLT2lpsxbVOZW4QAQcy80nvCIDZbBZC3X2tMmT7jM7KSBI+Ehe
iXPf5UsuPOGxJX/ZCHuILvNFlPFuTnKnGd9zs6KE2HEf/z+Y8Se3+pG3aYC55it7
FiEl8CyQ6GrEyN0EP2YwHtP3xopnCN6g7gnIO/7Bbug1WCQDDmAtsiGvG6PEHWEh
eZhQ8D+jaC/Qhy+VsussFoKUMZZPCSJSwcx47/AVqAnu8otXqmEJ+E28spgnks1X
FAHNXi6+IrUotUPx6fcEng8A0NMv46OboEuB6VF4IqrWgfP5rNUi/JPUA9VtN0uL
YoC79xQTCL5qNjjEmzfxR8zQ8th44ldow9jz8WUhBxt3ajBwP2JeDf2nUPXHfGyO
4MqT/FERiT3TsqmENHot
=Q129
-----END PGP SIGNATURE-----