-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 SUMMARY cPanel, L.L.C. has updated RPMs for EasyApache 4 with PHP versions 5.6.39, 7.0.33, 7.1.25, and 7.2.13 This release addresses vulnerabilities related to CVE-2018-19518 and CVE-2018-19935. We strongly encourage all PHP 5.6 users to upgrade to version 5.6.39, all PHP 7.0 users to upgrade to version 7.0.33, all PHP 7.1 users to upgrade to version 7.1.25, and all PHP 7.2 users to upgrade to version 7.2.13. AFFECTED VERSIONS All versions of PHP 5.6 through 5.6.38 All versions of PHP 7.0 through 7.0.32 All versions of PHP 7.1 through 7.1.24 All versions of PHP 7.2 through 7.2.12 SECURITY RATING The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs: CVE-2018-19518 - MEDIUM PHP 5.6.39 Fixed bug in IMAP module related to CVE-2018-19518 PHP 7.0.33 Fixed bug in IMAP module related to CVE-2018-19518 PHP 7.1.25 Fixed bug in IMAP module related to CVE-2018-19518 PHP 7.2.13 Fixed bug in IMAP module related to CVE-2018-19518 CVE-2018-19935 - MEDIUM PHP 5.6.39 Fixed bug in IMAP module related to CVE-2018-19935 PHP 7.0.33 Fixed bug in IMAP module related to CVE-2018-19935 SOLUTION cPanel, L.L.C. has released updated RPMs for EasyApache 4 on December 11, 2018, with a updated versions of PHP versions 5.6.39, 7.0.33, 7.1.25, and 7.2.13. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM's Run System Update interface. REFERENCES https://nvd.nist.gov/vuln/detail/CVE-2018-19935 https://nvd.nist.gov/vuln/detail/CVE-2018-19518 http://www.php.net/ChangeLog-5.php http://www.php.net/ChangeLog-7.php -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAlwQAqEACgkQlSG+3KvZ Td8WKQ//fhJF1Hqulrfl/Yn7X7zOCQjFSs8eU/yz2ZDDIXnZAAamHT3zKCbL0kdt z7eboTjgu+Oxv2RKNyuMuQDFn68FuYP3+Uhkem1SPznKxNPt8frj3vSnjPEZSEBB 3YC3iFMahl1G/IKNVcX+5CK28a/g3S+p1tNT9TdOsuuOgTYDfBBohkXwPmkoZWXh nPbA/OojXc2kS5lnCLwq0IBKUbDkh0tER61/WgrzdY0iBUTmIzerZZnoutYJaLb0 pAUcVjjalL6LeSPT2zgUADXW9IXxWbYvbtRX9QCfQo51Xn7kYjS7IMXoIv3NRDIW UsbiqYat4aKXQrH/Sd+WBKGuv3aBlSYfDFQuc/5bTk1Ve6UaeArOKK8boq66JFt1 G2aOqD+BzxEVjD0YyLJU0nGwqsDw95DD+Jlr2K0feb4XadHDjcplR/00LKZVxCXC JNV41y0Y4BOktvL8RLHDxJEZuDmt9z+DluLSyiPvcHhis++ikqHDrIGeGxzUgTh+ jkagJkQlMk3v2/koZfzRRXZvCU5ALmpRM2vGUl+swsTiXPDJnypMp6AjFFW/gMX6 VIWr7vBcGTonokebLSWD+BWbXxSCMtPSwMQOipnnUx7c4/s5a6wg+HKV6Olzo5Jr hWDJDcT0d/QpLJlH15oC50p6jqIOhudrx0ZCHo+8z2gOEN/2EYM= =8f4m -----END PGP SIGNATURE-----