SUMMARY cPanel, L.L.C. has updated RPMs for EasyApache 4 with PHP versions 7.1.29, 7.2.18, and 7.3.5. This release addresses vulnerabilities related to CVE-2019-11036 and another other vulnerability which has not yet been assigned a number. We strongly encourage all PHP 7.1 users to upgrade to version 7.1.29, all PHP 7.2 users to upgrade to version 7.2.18, all PHP 7.3 users to upgrade to version 7.3.5. AFFECTED VERSIONS All versions of PHP 7.1 through 7.1.28 All versions of PHP 7.2 through 7.2.17 All versions of PHP 7.3 through 7.3.4 SECURITY RATING The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs: CVE-2019-11036 - CRITICAL PHP 7.1.29 Fixed bug in Exif module related to CVE-2019-11036 PHP 7.2.18 Fixed bug in Exif module related to CVE-2019-11036 PHP 7.3.5 Fixed bug in Exif module related to CVE-2019-11036 There is another security vulnerability included in this release which has not yet been assigned a number. SOLUTION cPanel, L.L.C. has released updated RPMs for EasyApache 4 on March 13, 2019, with updated versions of PHP versions 7.1.29, 7.2.18, and 7.3.5. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM's Run System Update interface. REFERENCES https://nvd.nist.gov/vuln/detail/CVE-2019-11036 http://www.php.net/ChangeLog-7.php