SUMMARY

cPanel, Inc. has released updated RPMs for EasyApache 4 on September 6, 2017, with PHP versions 7.0.23 and 7.1.9 and RubyGems 2.6.13. This release addresses vulnerabilities related to CVE-2017-12932, CVE-2017-0902, CVE-2017-0899, CVE-2017-0900, and CVE-2017-0901. We strongly encourage all PHP 7.0 users to upgrade to version 7.0.23, all PHP 7.1 users to upgrade to version 7.1.9, and all RubyGems users to upgrade to version 2.6.13.

AFFECTED VERSIONS

All versions of PHP 7.0 through 7.0.22
All versions of PHP 7.1 through 7.1.8
All versions of RubyGems through 2.6.12

SECURITY RATING

The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2017-12932 - HIGH

PHP 7.0.23
Fixed bug in the standard library related to CVE-2017-12932

PHP 7.1.9
Fixed bug in the standard library related to CVE-2017-12932

CVE-2017-0902 - HIGH

RubyGems 2.6.13
Fix a DNS request hijacking vulnerability related to CVE-2017-0902

CVE-2017-0899 - HIGH

RubyGems 2.6.13
Fix an ANSI escape sequence vulnerability related to CVE-2017-0899

CVE-2017-0900 - HIGH

RubyGems 2.6.13
Fix a DoS vulnerability in the `query` command related to CVE-2017-0900

CVE-2017-0901 - HIGH

RubyGems 2.6.13
Fix a vulnerability in the gem installer related to CVE-2017-0901

SOLUTION

cPanel, Inc. has released updated RPMs for EasyApache 4 on September 6, 2017, with updated versions of PHP 7.0 and 7.1 and RubyGems version 2.6.13. Unless you have enabled automatic RPM updates in your cron, update your system with either `yum update` or WHM's Run System Update interface.

REFERENCES

https://nvd.nist.gov/vuln/detail/CVE-2017-12932
https://nvd.nist.gov/vuln/detail/CVE-2017-0899
https://nvd.nist.gov/vuln/detail/CVE-2017-0900
https://nvd.nist.gov/vuln/detail/CVE-2017-0901
https://nvd.nist.gov/vuln/detail/CVE-2017-0902
http://www.php.net/ChangeLog-7.php
https://github.com/rubygems/rubygems/blob/master/History.txt
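
The following shell functions are an added example, not part of cPanel's advisory or tooling: they classify a PHP or RubyGems version string against the affected ranges and fixed releases listed above, so a host can be checked after running the update. The function names are hypothetical, the sample versions are constructed, and a `sort` that supports `-V` (GNU coreutils) is assumed.

```shell
#!/bin/sh
# Added example, not cPanel code. Function names are hypothetical.
# Assumes a sort(1) that supports -V (version sort), e.g. GNU coreutils.

# First fixed release for each branch named in the advisory.
fixed_version() {
  case "$1" in
    php:7.0.*)  echo "7.0.23" ;;
    php:7.1.*)  echo "7.1.9"  ;;
    rubygems:*) echo "2.6.13" ;;
    *)          return 1 ;;      # branch not covered by this advisory
  esac
}

# version_lt A B: succeeds when A is strictly older than B.
# sort -V compares numerically per component, so 7.1.10 > 7.1.9.
version_lt() {
  [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# check_version PRODUCT VERSION
# Prints: affected | fixed | not-covered | invalid
check_version() {
  case "$2" in
    ''|*[!0-9.]*) echo "invalid"; return 0 ;;   # only dotted-numeric input
  esac
  cv_fixed="$(fixed_version "$1:$2")" || { echo "not-covered"; return 0; }
  if version_lt "$2" "$cv_fixed"; then echo "affected"; else echo "fixed"; fi
}

# Constructed sample input. On a real host, take the values from
# `php -r 'echo PHP_VERSION;'` and `gem --version`.
while read -r product version; do
  printf '%-9s %-8s %s\n' "$product" "$version" "$(check_version "$product" "$version")"
done <<'EOF'
php 7.0.22
php 7.1.10
php 5.6.31
rubygems 2.6.12
rubygems 2.6.13
EOF
```

A result of `not-covered` means only that this advisory makes no statement about that branch, not that the version is safe.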