-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with PHP versions 5.6.40, 7.1.26, and 7.2.14. This release addresses vulnerabilities related to CVE-2016-10166, CVE-2018-19935, and several other vulnerabilities which have not yet been assigned a number. We strongly encourage all PHP 5.6 users to upgrade to version 5.6.40, all PHP 7.1 users to upgrade to version 7.1.26, and all PHP 7.2 users to upgrade to version 7.2.14.
 
 
AFFECTED VERSIONS
All versions of PHP 5.6 through 5.6.39
All versions of PHP 7.1 through 7.1.25
All versions of PHP 7.2 through 7.2.13

 
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
 

CVE-2016-10166 - MEDIUM
PHP 5.6.40
Fixed bug in GD module related to CVE-2016-10166

PHP 7.1.26
Fixed bug in GD module related to CVE-2016-10166

PHP 7.2.14
Fixed bug in GD module related to CVE-2016-10166

CVE-2018-19935 - HIGH
PHP 7.1.26
Fixed bug in IMAP module related to CVE-2018-19935

PHP 7.2.14
Fixed bug in IMAP module related to CVE-2018-19935


There are other security vulnerabilities included in this release which have not yet been assigned numbers. 

SOLUTION
cPanel, L.L.C. has released updated RPMs for EasyApache 4 on January 16, 2019, with a updated versions of PHP versions 5.6.40, 7.1.26, and 7.2.14. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM's Run System Update interface.


 
REFERENCES
https://nvd.nist.gov/vuln/detail/CVE-2018-19935
https://nvd.nist.gov/vuln/detail/CVE-2016-10166
http://www.php.net/ChangeLog-5.php
http://www.php.net/ChangeLog-7.php









-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAlw/YuQACgkQlSG+3KvZ
Td9QkQ//e6dOd6SMs6yo72845CkgCHc/VGHYitvdv4xbaTALpLPKgwq2x3d5VKZg
QkLbgwy2/D3UDc1dQJqSU/qcb4O5QQHhmf3XpflkXfoLjotsdQ5x7rJL+J/PTcK4
C866Lz/TSUfAAU3gssvna7eHXlxc2+P1WsrKWLkd/fTSyt5ocJdgoyTnUVnfXsqb
Q9cBcwdmqGPHfadAkLpS+1i7QYH5EpXRYwHsSu4dv0wpqDYPDQjyRrh7X0wHzRqx
99nnYPCyJw82nYOeBtGLJZWzd7JWQCJ9SI+5HYQzJBchZWeOtzMWaG6TdepFLan5
abW5FA3qLClRhmWS2grraIJBj/X7Kh9RcWQFs8ihRiWjzjrWHrZLpEHXv0Nm7WVB
SHesr+i3s4ylcmr2CTlTOQGPP5QHuA5T/WYtMKApVruA0TKVkk5VQjhkwlOO5NT1
ZxKZ3aehc8chRSfrP7x9nHRCbgFg6aT111DOIj3QwZ3boHWU2Xfv1O3ctz7Ye9h8
6YFylWlyTtkXa5xDkrgK7YYsroBQoCypdYs9hJlG1McbXv8bEP68C0e0STEqk+/p
pGMcucdvmvL4Q0WhgMFTEM8Gi6PXsP8nbZb57cSHJPuz1fRIF9fuVYLuk0qD1p7w
dzqAHFbxYFAMLwfqJ/PtHkDumOf369sIfaaOIQvVso/QzOoxOE4=
=q4+S
-----END PGP SIGNATURE-----