-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 SUMMARY cPanel, L.L.C. has updated RPMs for EasyApache 4 with PHP versions 7.1.30, 7.2.19, and 7.3.6. This release addresses vulnerabilities related to CVE-2019-11038, CVE-2019-11039, and CVE-2019-11040. We strongly encourage all PHP 7.1 users to upgrade to version 7.1.30, all PHP 7.2 users to upgrade to version 7.2.19, and all PHP 7.3 users to upgrade to version 7.3.6. AFFECTED VERSIONS All versions of PHP 7.1 through 7.1.29 All versions of PHP 7.2 through 7.2.18 All versions of PHP 7.3 through 7.3.5 SECURITY RATING The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs: CVE-2019-11038 - MEDIUM PHP 7.1.30 Fixed bug in GD module related to CVE-2019-11038 PHP 7.2.19 Fixed bug in GD module related to CVE-2019-11038 PHP 7.3.6 Fixed bug in GD module related to CVE-2019-11038 CVE-2019-11039 - MEDIUM PHP 7.1.30 Fixed bug in iconv module related to CVE-2019-11039 PHP 7.2.19 Fixed bug in iconv module related to CVE-2019-11039 PHP 7.3.6 Fixed bug in iconv module related to CVE-2019-11039 CVE-2019-11040 - MEDIUM PHP 7.1.30 Fixed bug in Exif module related to CVE-2019-11040 PHP 7.2.19 Fixed bug in Exif module related to CVE-2019-11040 PHP 7.3.6 Fixed bug in Exif module related to CVE-2019-11040 SOLUTION cPanel, L.L.C. has released updated RPMs for EasyApache 4 on June 5, 2019, with updated versions of PHP versions 7.1.30, 7.2.19, and 7.3.6. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM's Run System Update interface. REFERENCES https://nvd.nist.gov/vuln/detail/CVE-2019-11038 https://nvd.nist.gov/vuln/detail/CVE-2019-11039 https://nvd.nist.gov/vuln/detail/CVE-2019-11040 https://www.php.net/ChangeLog-7.php -----BEGIN PGP SIGNATURE----- iQJIBAEBCgAyFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAlz35CEUHHNlY3VyaXR5 QGNwYW5lbC5uZXQACgkQlSG+3KvZTd92vg//XtSxENBR715JwuRqdvwVtSvWB+Oc fROh2RutcWqmvzxuhBKVsecE+Fh40eVcGzHv/4WwJatAZ+3X/CHKz6bK6b3UFrXE 0DzhtYN1AIc3ZVc1GLO3X3a1KK6O8KvWgPb9Obyvw7GYneSL0IFkDqW1SAkmU/rx kWnr+2PzB0AYRgTE4kR3YABW8vfjoxgKAXEPGNA9iOyCG/Z2cOO50GDYWO3lPz+3 QGMh4TEBDQaJX1fb3ZVHuiCwSfJhG1aclwsrRc+ZoR5i3oUOdJFnk1SfiM1UUQ5J iZLn6sy5XwgbIzaikfn8JU/t/bk8PZ7jRW8zP9z27GSzjxtC1HdEP7nrNI6GXtOb USc9AYnVJuJubD2Q/UlttYgxI1CSbq4Bu2kHMDQQL/5+oIiD8+TBJ1VGtj5l76av preKKSRcTnwdP7641d9h+qgtND7ANTTAMgvnyET2AdUDbxdRU3sEIqH63t6PZCsB sp+higHFt3ijAexK9MLAkyaUa/Y8uVRdSK1EcytX9rMGPncOML9pWF0nThEa2/e3 FtiPkCtVVoGQMWQkPXgRQlwnCnCgqmczx0MbHe3GGEO2+TLpj4pNLz+LWfV6aRcx T4PVaJjIi19RYfxD5M05Esl+r6xUEbqYqZ7YF0uymAW5ZwHUP0PajNGe6euS1IFV hUuyaKZKgQ4bmjc= =9DOC -----END PGP SIGNATURE-----