-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 SUMMARY cPanel, Inc. has released updated RPMs for EasyApache 4 on November 15, 2016, with PHP versions 5.6.28 and 7.0.13. This release addresses vulnerabilities related to CVE-2016-8670. We strongly encourage all PHP 5.6 users to upgrade to version 5.6.28 and all PHP 7.0 users to upgrade to version 7.0.13. AFFECTED VERSIONS All versions of PHP 5.6 through version 5.6.27 All versions of PHP 5.6 through version 7.0.12 SECURITY RATING The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs: CVE-2016-8670 - HIGH PHP 5.6.28 Fixed bug in GD module related to CVE-2016-8670 PHP 7.0.13 Fixed bug in GD module related to CVE-2016-8670 SOLUTION cPanel, Inc. has released updated RPMs for EasyApache 4 on November 15, 2016, with updated versions of PHP 5.6.28 and 7.0.13. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM's Run System Update interface. REFERENCES https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8670 http://php.net/ChangeLog-5.php http://www.php.net/ChangeLog-7.php -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJYKyvyAAoJEJUhvtyr2U3fytsQAKPWdHVwwi9knSIuPldwvs15 jKYgGBRyV6ud7ZRl4QJ9g/XKZO3CTqmY9Bw8Nx657o+vhZ/WW2G9Le+Tc7UJEEvZ i316GWxSeYN2jhyEUbnTGfDctoia7tDHQvUpYRD7yzU0/gG0oRs2pOn8QfCrrMH+ LK6e9POFdk3KIMCpVQP7KzyQLmIXYFzd4nZH+yN/HgH63DAv+JAkruTe7u4dHz1a naTviQjchET66NqE9oC0WCj4cpplnwUao+fA7QF9m35yOR2jIL99mvryycWy3R30 AJ2JYMMdZBG3W1i1q+q67c46qlL14diup4ZJVCZfKOqu7uov0ysUGrq3SUMtJbHj 4zRK+gD8ucC+sIdeddLjg+iiT5kKT6fVbw1CDaMOTUm0Y1kjT3PIp+F/2n4XtZda ssLHVHonJ0C4FSqNJ1YBzY1gs9TO9i6+nKbJHcPXT7bN3yHEN7aHyLT7HNH6yi+A NA2WVZ0JycqOYAAZd+u8QtRu02NeDaOnv9Q7N3v67tqe1yVK1ZG/0uMsr+qEZrBO oXaGopH8peDpAtngMCQSzUxGB3keejMlDyG6bNDry8ap+ExyI0nuXyCge60G+B4s hHFS3KZC438Ud4wHgx0OwYTfZL6/5YHy9PCjjy9W5boP+r1bGsDFbGkoYlVCKT7L d7XCg7512kZIzV8uoeQG =uoX7 -----END PGP SIGNATURE-----