SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with PHP versions 7.1.29, 7.2.18, and 7.3.5. This release addresses vulnerabilities related to CVE-2019-11036 and another other vulnerability which has not yet been assigned a number. We strongly encourage all PHP 7.1 users to upgrade to version 7.1.29, all PHP 7.2 users to upgrade to version 7.2.18, all PHP 7.3 users to upgrade to version 7.3.5.
 
 
AFFECTED VERSIONS
All versions of PHP 7.1 through 7.1.28
All versions of PHP 7.2 through 7.2.17
All versions of PHP 7.3 through 7.3.4

 
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
 

CVE-2019-11036 - CRITICAL
PHP 7.1.29
Fixed bug in Exif module related to CVE-2019-11036

PHP 7.2.18
Fixed bug in Exif module related to CVE-2019-11036

PHP 7.3.5
Fixed bug in Exif module related to CVE-2019-11036


There is another security vulnerability included in this release which has not yet been assigned a number. 

SOLUTION
cPanel, L.L.C. has released updated RPMs for EasyApache 4 on March 13, 2019, with updated versions of PHP versions 7.1.29, 7.2.18, and 7.3.5. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM's Run System Update interface.

 
REFERENCES
https://nvd.nist.gov/vuln/detail/CVE-2019-11036
http://www.php.net/ChangeLog-7.php