SUMMARY

cPanel, L.L.C. has updated RPMs for EasyApache 4 with PHP versions 7.1.27, 7.2.16, and 7.3.3 and OpenSSL version 1.0.2r. This release addresses vulnerabilities related to CVE-2019-9637, CVE-2019-9641, CVE-2019-9640, CVE-2019-9638, CVE-2019-9639, CVE-2019-1559, and several other vulnerabilities which have not yet been assigned a number. We strongly encourage all PHP 7.1 users to upgrade to version 7.1.27, all PHP 7.2 users to upgrade to version 7.2.16, all PHP 7.3 users to upgrade to version 7.3.3, and all OpenSSL 1.0.2 users to upgrade to version 1.0.2r.

AFFECTED VERSIONS

All versions of PHP 7.1 through 7.1.26
All versions of PHP 7.2 through 7.2.15
All versions of PHP 7.3 through 7.3.2
All versions of OpenSSL 1.0.2 through 1.0.2q

SECURITY RATING

The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2019-9637 - HIGH

PHP 7.1.27
Fixed bug in Core module related to CVE-2019-9637

PHP 7.2.16
Fixed bug in Core module related to CVE-2019-9637

PHP 7.3.3
Fixed bug in Core module related to CVE-2019-9637

CVE-2019-9641 - CRITICAL

PHP 7.1.27
Fixed bug in Exif module related to CVE-2019-9641

PHP 7.2.16
Fixed bug in Exif module related to CVE-2019-9641

PHP 7.3.3
Fixed bug in Exif module related to CVE-2019-9641

CVE-2019-9640 - CRITICAL

PHP 7.1.27
Fixed bug in Exif module related to CVE-2019-9640

PHP 7.2.16
Fixed bug in Exif module related to CVE-2019-9640

PHP 7.3.3
Fixed bug in Exif module related to CVE-2019-9640

CVE-2019-9638 - CRITICAL

PHP 7.1.27
Fixed bug in Exif module related to CVE-2019-9638

PHP 7.2.16
Fixed bug in Exif module related to CVE-2019-9638

PHP 7.3.3
Fixed bug in Exif module related to CVE-2019-9638

CVE-2019-9639 - CRITICAL

PHP 7.1.27
Fixed bug in Exif module related to CVE-2019-9639

PHP 7.2.16
Fixed bug in Exif module related to CVE-2019-9639

PHP 7.3.3
Fixed bug in Exif module related to CVE-2019-9639

CVE-2019-1559 - MEDIUM

OpenSSL 1.0.2r
Fixed bug related to CVE-2019-1559

There are other security vulnerabilities included in this release which have not yet been assigned numbers.

SOLUTION

cPanel, L.L.C. has released updated RPMs for EasyApache 4 on March 13, 2019, with PHP versions 7.1.27, 7.2.16, and 7.3.3 and OpenSSL version 1.0.2r. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM's Run System Update interface.

REFERENCES

https://nvd.nist.gov/vuln/detail/CVE-2019-9637
https://nvd.nist.gov/vuln/detail/CVE-2019-9641
https://nvd.nist.gov/vuln/detail/CVE-2019-9640
https://nvd.nist.gov/vuln/detail/CVE-2019-9638
https://nvd.nist.gov/vuln/detail/CVE-2019-9639
https://nvd.nist.gov/vuln/detail/CVE-2019-1559
http://www.php.net/ChangeLog-7.php
https://www.openssl.org/news/secadv/20190226.txt
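
A version check for the ranges listed under AFFECTED VERSIONS, as an added example that is not part of cPanel's advisory. It assumes the first line of `php -v` and the output of `openssl version` as input formats; the function names and the sample banners are constructed for illustration.

```shell
#!/bin/sh
# Added example, not cPanel code. Fixed releases come from the advisory text.
LC_ALL=C; export LC_ALL   # byte-wise [a-q] ranges regardless of host locale

# php_status VERSION -> affected | fixed | not-covered
php_status() {
    ver=${1%%[-+~]*}                 # drop a build suffix such as "-1"
    branch=${ver%.*} patch=${ver##*.}
    case $patch in ''|*[!0-9]*) echo not-covered; return ;; esac
    case $branch in
        7.1) fixed=27 ;;
        7.2) fixed=16 ;;
        7.3) fixed=3 ;;
        *)   echo not-covered; return ;;
    esac
    if [ "$patch" -lt "$fixed" ]; then echo affected; else echo fixed; fi
}

# openssl_status VERSION -> same results; the advisory covers only 1.0.2.
openssl_status() {
    case $1 in
        1.0.2|1.0.2[a-z]*|1.0.2[-+~]*) letters=${1#1.0.2} ;;
        *) echo not-covered; return ;;
    esac
    letters=${letters%%[!a-z]*}      # "k-fips" -> "k", "" for plain 1.0.2
    case $letters in
        ''|[a-q]) echo affected ;;   # 1.0.2 through 1.0.2q
        *)        echo fixed ;;      # 1.0.2r and later letter releases
    esac
}

# check_banner LINE -> "<product> <version> <status>" (hypothetical helper)
check_banner() {
    set -f; set -- $1; set +f        # split the banner into words, no globbing
    case $1 in
        PHP)     echo "PHP $2 $(php_status "$2")" ;;
        OpenSSL) echo "OpenSSL $2 $(openssl_status "$2")" ;;
        *)       echo unknown ;;
    esac
}

# Constructed sample banners, not captured from a real host.
for line in 'PHP 7.1.26 (cli) (built: Jan 10 2019 12:00:00) ( NTS )' \
            'PHP 7.3.3 (cli) (built: Mar 13 2019 12:00:00) ( NTS )' \
            'OpenSSL 1.0.2q  20 Nov 2018' \
            'OpenSSL 1.0.2r  26 Feb 2019'; do
    check_banner "$line"
done
```

Vendor builds that backport fixes can keep an older version string, so treat an "affected" result as a prompt to check the installed package's changelog rather than as proof of exposure.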