-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

SUMMARY
cPanel, Inc. has released updated RPMs for EasyApache 4 on January 24, 2017, with PHP version 5.6.30, 7.0.15, and 7.1.1. This release addresses vulnerabilities related to CVE-2017-5350. We strongly encourage all PHP 5.6 users to upgrade to version 5.6.30, all PHP 7.0 users to upgrade to version 7.0.15, and all PHP 7.1 users to upgrade to version 7.1.1. 
 

AFFECTED VERSIONS
All versions of PHP 7.0 through 7.0.14
All versions of PHP 7.1 through 7.1.0
 
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs: 

CVE-2017-5350 - MEDIUM
PHP 7.0.15
Fixed bug related to CVE-2017-5350

PHP 7.1.0
Fixed bug related to CVE-2017-5350

SOLUTION
cPanel, Inc. has released updated RPMs for EasyApache 4 on January 5, 2017, with a updated versions of PHP 5.6, 7.0, and 7.1. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM's Run System Update interface.
 
REFERENCES
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5350
http://www.php.net/ChangeLog-7.php
http://www.php.net/ChangeLog-5.php
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJYh5sbAAoJEJUhvtyr2U3futoQAMTRy2He+hX7TeBJiSztVjpT
PSQSuotKOsdfC1R5wNrcjWNTQrTzkngFrvaY1tJCKQb5LfC43KxrVXRo8vqaBq7l
m/zZgIhijUzY43eKZNSqCwRiAYsT7XNPKIrzc3Ftdm/PZNQO+/x+uHFGRh7G82UD
gI5kUk65msoAe3IjMv76BUbE718O5v3IlcJwTZN8yns9p49FDom4f0LCGcadlPDP
31ZgpzUDJ3VmJ8LASpxBQ6kppfC2vxavWb3xTqE5zt4Nqagw+5pA7SVgZ4MEuQjc
jvx1kiXP+uECNBCNJLr6rYSMgswrK0iUEChgGjqQpQPEvnols3DxHxNLvrfcggGZ
Y+TGtAJgiJ9iVdpMs7RvR+Fh/gHeIrBkxRL9GY+LnvOlCgHILE32+6jgxYIx4Qwf
xNZwgq2hBSGSgYeoGgfFIGgvGCtDoQQbG9GWRsgzFnTjxomRHmaymHiKCep6H+Yd
BA3YCkZ5YCcJUTVy6Baj4TOPn8zz2cEtDl4Rf5nhrjbBtsvge7TwlrenRrR5wZMs
Jy79xsWJmZ6Vdajol1Os358v26o8ANtT00CPG3Jnb531kaAnJwQocdEctBsPXwFV
pKpl7BjYACBexoDyLke+vJTcdGCTj8Me6uCZOC6fMNI5DI6pRdEazEMb7R+wuvfS
jLt0c2S84eUQIyLGj9F9
=jB+9
-----END PGP SIGNATURE-----