-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 SUMMARY cPanel, Inc. has released updated RPMs for EasyApache 4 on September 20, 2016, with PHP versions 5.6.26 and 7.0.11. This release addresses vulnerabilities related to CVE-2016-7411, CVE-2016-7412, CVE-2016-7413, CVE-2016-7414, CVE-2016-7416, CVE-2016-7417, and CVE-2016-7418. We strongly encourage all PHP 5.6 users to upgrade to version 5.6.26 and all PHP 7.0 users to upgrade to version 7.0.11. AFFECTED VERSIONS All versions of PHP 5.6 through version 5.6.25 All versions of PHP 5.6 through version 7.0.10 SECURITY RATING The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs: CVE-2016-7416 - HIGH PHP 5.6.26 Fixed bug in Intl extension related to CVE-2016-7416 PHP 7.0.11 Fixed bug in Intl extension related to CVE-2016-7416 CVE-2016-7412 - MEDIUM PHP 5.6.26 Fixed bug in Mysqlnd module related to CVE-2016-7412 PHP 7.0.11 Fixed bug in Mysqlnd module related to CVE-2016-7412 CVE-2016-7414 - MEDIUM PHP 5.6.26 Fixed bug in Phar module related to CVE-2016-7414 PHP 7.0.11 Fixed bug in Phar module related to CVE-2016-7414 CVE-2016-7417 - MEDIUM PHP 5.6.26 Fixed bug in SPL library related to CVE-2016-7417 PHP 7.0.11 Fixed bug in SPL library related to CVE-2016-7417 CVE-2016-7411 - MEDIUM PHP 5.6.26 Fixed bug related to CVE-2016-7411 CVE-2016-7413 - MEDIUM PHP 5.6.26 Fixed bug in WDDX extension related to CVE-2016-7413 PHP 7.0.11 Fixed bug in WDDX extension related to CVE-2016-7413 CVE-2016-7418 - MEDIUM PHP 5.6.26 Fixed bug in WDDX extension related to CVE-2016-7418 PHP 7.0.11 Fixed bug in WDDX extension related to CVE-2016-7418 SOLUTION cPanel, Inc. has released updated RPMs for EasyApache 4 on September 20, 2016, with updated versions of PHP 5.6.26 and 7.0.11. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM's Run System Update interface. REFERENCES https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7416 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7412 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7414 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7417 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7411 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7413 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7418 http://php.net/ChangeLog-5.php http://www.php.net/ChangeLog-7.php -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJX4VeCAAoJEJUhvtyr2U3fEGoP/iJzSWLvAorAi0QBDDAjSDcH 41zDb2lIWnf4RoP4DNzU730x1HEBCla9ROls2/LrmprgoidH6x6hZtpg9GpazGBe DTO0cG636I6KpJ/6n0Q6esTJLDDg9hXo2J9X0tqnNZ2kbo0EZ6LfrI9gHQ+2JlT7 2ESqYKeFqxvdk9akEhqqfb28iKMnZVf8raK7uPnUw3XHJi+zF/9t/KVcK649jk9k D4QE8BznJQ9O4e67l387eNjXX9WBSTxfl09HYGOQ4w6pqXQqQJs8v0s3rPlfX+zG OPvk7xqOsVeavh4SCJwsxtDg35MCheGXn1ku9K76we3jSSLIon0BOyIj2L69rWek CKHj1vkcqRJ8vQUmgkA/k64iMnV/GyEiYlegHUgv3AOkBhhlHSvwt8ay4wGYmKjU dhNtg8zjv7pe4Rm7Q7V/5YTXmBQm8FcTkEpsRB+0p3EKS70ccmMpCQFmV5kp7ClF g+VFgtrt7Reau2uentmNBFJd0NHmKvrWwsIgA1rAPQLd9H1z6Cw9wzi6UzzzoNPm tpSjyMdvAQQGKrUJ+IefSzEihd/MEiKqswVqUn/hQDFAOoXNzx8j42gQ1fIqrv27 GJfxpdhvF6JSPHoAe/bgwRAppncJ2tVup5yEOD+HXdlcQeoKCn7gleTBdU/1Rv1O w5dfQAWu2Z6/1gJC6lPc =DdtV -----END PGP SIGNATURE-----