***** CORRECTED *****

SUMMARY

cPanel, Inc. has released updated RPMs for EasyApache 4 on January 25, 2017, with PHP version 5.6.30, 7.0.15, and 7.1.1. This release addresses vulnerabilities related to CVE-2016-10161, CVE-2016-10162, CVE-2017-5340, CVE-2016-7479, CVE-2016-10158, CVE-2016-10159, and CVE-2016-10160. We strongly encourage all PHP 5.6 users to upgrade to version 5.6.30, all PHP 7.0 users to upgrade to version 7.0.15, and all PHP 7.1 users to upgrade to version 7.1.1.

AFFECTED VERSIONS

All versions of PHP 5.6 through 5.6.29
All versions of PHP 7.0 through 7.0.14
All versions of PHP 7.1 through 7.1.0

SECURITY RATING

The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2016-10161 - MEDIUM

PHP 5.6.30
Fixed bug in Standard library related to CVE-2016-10161

PHP 7.0.15
Fixed bug in Core related to CVE-2016-10161

PHP 7.1.1
Fixed bug in Core related to CVE-2016-10161

CVE-2016-10162 - MEDIUM

PHP 7.0.15
Fixed bug in Core related to CVE-2016-10162

PHP 7.1.1
Fixed bug in Core related to CVE-2016-10162

CVE-2017-5340 - MEDIUM

PHP 7.0.15
Fixed bug in Core related to CVE-2017-5340

PHP 7.1.1
Fixed bug in Core related to CVE-2017-5340

CVE-2016-7479 - HIGH

PHP 7.0.15
Fixed bug in Core related to CVE-2016-7479

CVE-2016-10158 - MEDIUM

PHP 5.6.30
Fixed bug in Exif extension related to CVE-2016-10158

PHP 7.0.15
Fixed bug in Exif extension related to CVE-2016-10158

PHP 7.1.1
Fixed bug in Exif extension related to CVE-2016-10158

CVE-2016-10160 - HIGH

PHP 5.6.30
Fixed bug in Phar extension related to CVE-2016-10160

PHP 7.0.15
Fixed bug in Phar extension related to CVE-2016-10160

PHP 7.1.1
Fixed bug in Phar extension related to CVE-2016-10160

CVE-2016-10159 - MEDIUM

PHP 5.6.30
Fixed bug in Phar extension related to CVE-2016-10159

PHP 7.0.15
Fixed bug in Phar extension related to CVE-2016-10159

PHP 7.1.1
Fixed bug in Phar extension related to CVE-2016-10159

SOLUTION

cPanel, Inc. has released updated RPMs for EasyApache 4 on January 25, 2017, with updated versions of PHP 5.6, 7.0, and 7.1. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM's Run System Update interface.

REFERENCES

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5340
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10161
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10162
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7479
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10158
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10159
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10160
http://www.php.net/ChangeLog-7.php
http://www.php.net/ChangeLog-5.php
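
ADDED EXAMPLE

The following triage script is an added example, not part of the cPanel advisory. It classifies PHP versions against the AFFECTED VERSIONS ranges above; the function names and the sample inventory (host labels and `php -v` banner lines) are constructed for illustration.

```shell
# Fixed patch level per branch, taken from the advisory text.
fixed_patch() {
  case "$1" in
    5.6) echo 30 ;;
    7.0) echo 15 ;;
    7.1) echo 1 ;;
    *)   return 1 ;;  # branch not mentioned in this advisory
  esac
}

# php_advisory_status VERSION
# Prints: affected | fixed | not-covered | unparsed
# "not-covered" means the advisory makes no statement about that branch,
# not that the version is free of these bugs.
php_advisory_status() {
  # Keep only a leading MAJOR.MINOR.PATCH, dropping any packaging suffix.
  ver=$(printf '%s\n' "$1" |
    sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
  [ -n "$ver" ] || { echo unparsed; return 0; }
  branch=${ver%.*}
  patch=${ver##*.}
  min=$(fixed_patch "$branch") || { echo not-covered; return 0; }
  if [ "$patch" -lt "$min" ]; then echo affected; else echo fixed; fi
}

# Pull the version number out of the first line of `php -v` output.
version_from_banner() {
  printf '%s\n' "$1" | sed -n '1s/^PHP \([0-9][0-9.]*\).*/\1/p'
}

# Constructed inventory: "label|first line of php -v".
SAMPLE_INVENTORY='web01|PHP 5.6.29 (cli) (built: Dec 10 2016 12:00:00)
web02|PHP 7.0.15 (cli) (built: Jan 25 2017 12:00:00) ( NTS )
web03|PHP 7.1.0 (cli) (built: Dec  5 2016 12:00:00) ( NTS )
web04|PHP 5.5.38 (cli) (built: Aug  1 2016 12:00:00)'

# Print one "label status" line per inventory entry.
report() {
  printf '%s\n' "$SAMPLE_INVENTORY" | while IFS='|' read -r label banner; do
    ver=$(version_from_banner "$banner")
    printf '%s %s\n' "$label" "$(php_advisory_status "$ver")"
  done
}

report
```

Hosts reported as affected need the update described under SOLUTION.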