-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with PHP versions 7.1.27, 7.2.16, and 7.3.3 and OpenSSL version 1.0.2r. This release addresses vulnerabilities related to CVE-2019-9637, CVE-2019-9641, CVE-2019-9640, CVE-2019-9638, CVE-2019-9639, CVE-2019-1559, and several other vulnerabilities which have not yet been assigned a number. We strongly encourage all PHP 7.1 users to upgrade to version 7.1.27, all PHP 7.2 users to upgrade to version 7.2.16, all PHP 7.3 users to upgrade to version 7.3.3 and all OpenSSL 1.0.2 users to upgrade to version 1.0.2r.
 
 
AFFECTED VERSIONS
All versions of PHP 7.1 through 7.1.26
All versions of PHP 7.2 through 7.2.15
All versions of PHP 7.3 through 7.3.2
All versions of OpenSSL 1.0.2 through 1.0.2q

 
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
 

CVE-2019-9637 - HIGH
PHP 7.1.27
Fixed bug in Core module related to CVE-2019-9637

PHP 7.2.16
Fixed bug in Core module related to CVE-2019-9637

PHP 7.3.3
Fixed bug in Core module related to CVE-2019-9637

CVE-2019-9641 - CRITICAL
PHP 7.1.27
Fixed bug in Exif module related to CVE-2019-9641

PHP 7.2.16
Fixed bug in Exif module related to CVE-2019-9641

PHP 7.3.3
Fixed bug in Exif module related to CVE-2019-9641

CVE-2019-9640 - CRITICAL
PHP 7.1.27
Fixed bug in Exif module related to CVE-2019-9640

PHP 7.2.16
Fixed bug in Exif module related to CVE-2019-9640

PHP 7.3.3
Fixed bug in Exif module related to CVE-2019-9640

CVE-2019-9638 - CRITICAL
PHP 7.1.27
Fixed bug in Exif module related to CVE-2019-9638

PHP 7.2.16
Fixed bug in Exif module related to CVE-2019-9638

PHP 7.3.3
Fixed bug in Exif module related to CVE-2019-9638

CVE-2019-9639 - CRITICAL
PHP 7.1.27
Fixed bug in Exif module related to CVE-2019-9639

PHP 7.2.16
Fixed bug in Exif module related to CVE-2019-9639

PHP 7.3.3
Fixed bug in Exif module related to CVE-2019-9639

CVE-2019-1559 - MEDIUM
OpenSSL 1.0.2r
Fixed bug related to CVE-2019-1559

There are other security vulnerabilities included in this release which have not yet been assigned numbers. 

SOLUTION
cPanel, L.L.C. has released updated RPMs for EasyApache 4 on March 13, 2019, with updated versions of PHP versions 7.1.27, 7.2.16, 7.3.3, and OpenSSL version 1.0.2r. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM's Run System Update interface.

 
REFERENCES
https://nvd.nist.gov/vuln/detail/CVE-2019-9637
https://nvd.nist.gov/vuln/detail/CVE-2019-9641
https://nvd.nist.gov/vuln/detail/CVE-2019-9640
https://nvd.nist.gov/vuln/detail/CVE-2019-9638
https://nvd.nist.gov/vuln/detail/CVE-2019-9639
https://nvd.nist.gov/vuln/detail/CVE-2019-1559
http://www.php.net/ChangeLog-7.php
https://www.openssl.org/news/secadv/20190226.txt









-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAlyJJUgACgkQlSG+3KvZ
Td96eg//cP4aPeVk9wgWt4fnYM9PVS/IhW0E/uxRXA1W56/1obzFvRkeCbyufMUE
NWetawZzqISOaJyJYNyMI/q9FL6PiTIUWOA+50dmMrx6BoSxmRG9vl5XW2yRt9NH
+z1ZgZcd7TSOFujOqhHWz1rD3d+Oj9+cAljiqVAXPZAKPecTic0SEG3uIp9CvhN1
RpjYVQ74CCah9ovXMa41yzdcEW9vxSY0GNrruVsVl2d+5ati7yoCNQQYtDF5BMdi
L2+E2MhcsIwDL5Yd59F5Lllq/YCkWRk1DROZT78zZV2k7UU7i7r3tRIUQrLIrpOa
3oCkRkvqjGdYehraDtO7tXVsOqymK0hi9yfHgFfocvCN2xq4cR/ue0O2XcKU9fbp
LduQU/gsNYGRfiY76Tp6CwaqhzcGGm+OMH4uT0uErKxU945M4m69Zg75CMy5+b1Q
I4GvGvB+BqOsmm8A9JjQ3tNbftWYLbNsgvR7ok10rUtuOS4HRwDfXfbxjBXQWxM8
lyjDGUw5KxZ/ZCn+r6vXfeOMwp504ucKl/2gNhLl2gOMQYDcSGjkETpNyGho1tMa
ZDVzefJSxib1b+pckwTs+LMmZkVpZpTwE+LKQn91sO+m/5oaZX5OQgkT3WzD6PVV
TotfWaLFUibuTIWzVJ83AD++ndg1wheoHEUmfEdqr4QE5IfOsvY=
=jWCf
-----END PGP SIGNATURE-----