-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with Ruby version 2.4.7, and PHP versions 7.2.23 and 7.3.10. This release addresses vulnerabilities related to CVE-2012-6708, CVE-2015-9251, and two others which have not yet been assigned numbers. We strongly encourage all Ruby users to upgrade to version 2.4.7, all PHP 7.2 users to upgrade to version 7.2.23, and all PHP 7.3 users to upgrade to version 7.3.10.
 
 
AFFECTED VERSIONS
All versions of Ruby through 2.4.6
All versions of PHP 7.2 through 7.2.22
All versions of PHP 7.3 through 7.3.9

 
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
 

CVE-2012-6708 - MEDIUM	
Ruby 2.4.7
Fixed bug related to CVE-2012-6708

CVE-2015-9251 - MEDIUM
Ruby 2.4.7
Fixed bug related to CVE-2015-9251

Several more CVEs for PHP versions 7.2 and 7.3 which have not yet been assigned a number.



SOLUTION
cPanel, L.L.C. has released updated RPMs for EasyApache 4 on October 2, 2019, with updated versions of Ruby 2.4.7 7.66.0 and PHP versions 7.2.23 and 7.3.10. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM's Run System Update interface.

 
REFERENCES
https://nvd.nist.gov/vuln/detail/CVE-2012-6708
https://nvd.nist.gov/vuln/detail/CVE-2015-9251
https://www.ruby-lang.org/en/news/2019/08/28/ruby-2-4-7-released/
https://www.php.net/ChangeLog-7.php











-----BEGIN PGP SIGNATURE-----

iQJIBAEBCgAyFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAl2UzPgUHHNlY3VyaXR5
QGNwYW5lbC5uZXQACgkQlSG+3KvZTd8u8w/+KPIfuTP0JYe3cjiuBCRJ40q2sCUr
kIQ+qthSs4giUJktGiu3qGWjLACDmhFGtQG9gv1EcENs9oMIfy6YmrckF30E1J2T
Ic5PB9JvCiZAStJGDxBr7XAsOcVAdCwb9S/xMUO/EbUuOYU4z5MKZ+JYEvK0uvc+
MFQz48C/ESMy8T148CYNtry625QMhWiYgG9MzGoju/ltbI+UvzCmt1yD2ovG+bSa
QBLlmNXNoKsPFbkpuOUz8Gn1s647bqRlDS9kGGfB3iX22vyXPJGlY1UxBfVf2K48
KvBb/kFWwE9sytgkzjFFhy0t297eFj2aplOSACwOf4+OxDQQJ+1PRXnGjLWLazQg
+eTeSwvG7zKKDxRirLOy/rVxzTbjXZWDZeOg/QAIhLu7T8B/sRTNVj+x9JBNWRHn
ZmpmN/r9y8Li6DiiIrBbN8d3b9WU+PTox0N36kwROSJO5/nmIt+lcaW0Yc46352A
EdcGHjHqdDqDDmddmW1vgS8XVJTYatU8helK2xaQR+ZFSVcuHczv61hwCIvYk8S8
g3V16nubRGgiUjIeI+seSks37+Hunja5Qd75uxOTeRVuWYn7lahD7FYC1yTkELdF
HsQqFXuar/7oaVdVMdYKRDnKu5N+e0w4TfP6AwN5ivc/RMbIVDDAlw6gn43nTqnb
C37CdOTqHvAWVLg=
=wRtq
-----END PGP SIGNATURE-----