-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with PHP versions 7.1.30, 7.2.19, and 7.3.6.  This release addresses vulnerabilities related to CVE-2019-11038, CVE-2019-11039, and CVE-2019-11040. We strongly encourage all PHP 7.1 users to upgrade to version 7.1.30, all PHP 7.2 users to upgrade to version 7.2.19, and all PHP 7.3 users to upgrade to version 7.3.6.
 
 
AFFECTED VERSIONS
All versions of PHP 7.1 through 7.1.29
All versions of PHP 7.2 through 7.2.18
All versions of PHP 7.3 through 7.3.5

 
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
 

CVE-2019-11038 - MEDIUM
PHP 7.1.30
Fixed bug in GD module related to CVE-2019-11038

PHP 7.2.19
Fixed bug in GD module related to CVE-2019-11038

PHP 7.3.6
Fixed bug in GD module related to CVE-2019-11038

CVE-2019-11039 - MEDIUM
PHP 7.1.30
Fixed bug in iconv module related to CVE-2019-11039

PHP 7.2.19
Fixed bug in iconv module related to CVE-2019-11039

PHP 7.3.6
Fixed bug in iconv module related to CVE-2019-11039

CVE-2019-11040 - MEDIUM
PHP 7.1.30
Fixed bug in Exif module related to CVE-2019-11040

PHP 7.2.19
Fixed bug in Exif module related to CVE-2019-11040

PHP 7.3.6
Fixed bug in Exif module related to CVE-2019-11040



SOLUTION
cPanel, L.L.C. has released updated RPMs for EasyApache 4 on June 5, 2019, with updated versions of PHP versions 7.1.30, 7.2.19, and 7.3.6. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM's Run System Update interface.

 
REFERENCES
https://nvd.nist.gov/vuln/detail/CVE-2019-11038
https://nvd.nist.gov/vuln/detail/CVE-2019-11039
https://nvd.nist.gov/vuln/detail/CVE-2019-11040
https://www.php.net/ChangeLog-7.php








-----BEGIN PGP SIGNATURE-----

iQJIBAEBCgAyFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAlz35CEUHHNlY3VyaXR5
QGNwYW5lbC5uZXQACgkQlSG+3KvZTd92vg//XtSxENBR715JwuRqdvwVtSvWB+Oc
fROh2RutcWqmvzxuhBKVsecE+Fh40eVcGzHv/4WwJatAZ+3X/CHKz6bK6b3UFrXE
0DzhtYN1AIc3ZVc1GLO3X3a1KK6O8KvWgPb9Obyvw7GYneSL0IFkDqW1SAkmU/rx
kWnr+2PzB0AYRgTE4kR3YABW8vfjoxgKAXEPGNA9iOyCG/Z2cOO50GDYWO3lPz+3
QGMh4TEBDQaJX1fb3ZVHuiCwSfJhG1aclwsrRc+ZoR5i3oUOdJFnk1SfiM1UUQ5J
iZLn6sy5XwgbIzaikfn8JU/t/bk8PZ7jRW8zP9z27GSzjxtC1HdEP7nrNI6GXtOb
USc9AYnVJuJubD2Q/UlttYgxI1CSbq4Bu2kHMDQQL/5+oIiD8+TBJ1VGtj5l76av
preKKSRcTnwdP7641d9h+qgtND7ANTTAMgvnyET2AdUDbxdRU3sEIqH63t6PZCsB
sp+higHFt3ijAexK9MLAkyaUa/Y8uVRdSK1EcytX9rMGPncOML9pWF0nThEa2/e3
FtiPkCtVVoGQMWQkPXgRQlwnCnCgqmczx0MbHe3GGEO2+TLpj4pNLz+LWfV6aRcx
T4PVaJjIi19RYfxD5M05Esl+r6xUEbqYqZ7YF0uymAW5ZwHUP0PajNGe6euS1IFV
hUuyaKZKgQ4bmjc=
=9DOC
-----END PGP SIGNATURE-----