SUMMARY

cPanel, L.L.C. has updated RPMs for EasyApache 4 with Ruby version 2.4.7, and PHP versions 7.2.23 and 7.3.10. This release addresses vulnerabilities related to CVE-2012-6708, CVE-2015-9251, and two others which have not yet been assigned numbers. We strongly encourage all Ruby users to upgrade to version 2.4.7, all PHP 7.2 users to upgrade to version 7.2.23, and all PHP 7.3 users to upgrade to version 7.3.10.

AFFECTED VERSIONS

All versions of Ruby through 2.4.6
All versions of PHP 7.2 through 7.2.22
All versions of PHP 7.3 through 7.3.9

SECURITY RATING

The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2012-6708 - MEDIUM

Ruby 2.4.7
Fixed bug related to CVE-2012-6708

CVE-2015-9251 - MEDIUM

Ruby 2.4.7
Fixed bug related to CVE-2015-9251

Several more CVEs for PHP versions 7.2 and 7.3 which have not yet been assigned a number.

SOLUTION

cPanel, L.L.C. has released updated RPMs for EasyApache 4 on October 2, 2019, with updated versions of Ruby 2.4.7 7.66.0 and PHP versions 7.2.23 and 7.3.10. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM's Run System Update interface.

REFERENCES

https://nvd.nist.gov/vuln/detail/CVE-2012-6708
https://nvd.nist.gov/vuln/detail/CVE-2015-9251
https://www.ruby-lang.org/en/news/2019/08/28/ruby-2-4-7-released/
https://www.php.net/ChangeLog-7.php
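
To confirm after updating that a host is outside the affected ranges listed above, the version check below can be used. It is an added example, not cPanel code; the function names ver_lt and advisory_status and the sample version strings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not cPanel code): classify a version against this advisory.

# ver_lt A B: succeeds if dotted version A is strictly older than B.
# Fields are compared as integers; a plain string comparison would
# wrongly rank the fixed 7.3.10 below the affected 7.3.9.
ver_lt() {
    _a=$1; _b=$2
    for _n in 1 2 3; do
        _x=${_a%%.*}; _y=${_b%%.*}
        if [ "${_x:-0}" -lt "${_y:-0}" ]; then return 0; fi
        if [ "${_x:-0}" -gt "${_y:-0}" ]; then return 1; fi
        case $_a in *.*) _a=${_a#*.} ;; *) _a=0 ;; esac
        case $_b in *.*) _b=${_b#*.} ;; *) _b=0 ;; esac
    done
    return 1   # versions are equal
}

# advisory_status PRODUCT VERSION
# Prints: affected | not-affected | unlisted | invalid
# PRODUCT is "ruby" or "php"; VERSION may carry a suffix such as 2.4.6p354.
advisory_status() {
    _v=${2%%[!0-9.]*}              # drop patch-level or build suffix
    case $_v in
        [0-9]*.[0-9]*.[0-9]*) ;;
        *) echo "invalid"; return 2 ;;
    esac
    case "$1:$_v" in
        ruby:*)    _fixed=2.4.7 ;;    # "All versions of Ruby through 2.4.6"
        php:7.2.*) _fixed=7.2.23 ;;   # "PHP 7.2 through 7.2.22"
        php:7.3.*) _fixed=7.3.10 ;;   # "PHP 7.3 through 7.3.9"
        *) echo "unlisted"; return 0 ;;  # branch not named in the advisory
    esac
    if ver_lt "$_v" "$_fixed"; then echo "affected"; else echo "not-affected"; fi
}

# Constructed sample inputs, one "product version" pair per entry.
for _pair in "ruby 2.4.6p354" "ruby 2.4.7" "php 7.2.22" "php 7.3.9" "php 7.3.10"; do
    set -- $_pair
    printf '%-5s %-10s %s\n' "$1" "$2" "$(advisory_status "$1" "$2")"
done
```

The version strings reported by ruby -v and php -v can be passed as the second argument.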