-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with PHP versions 7.2.28 and 7.3.15, cURL version 7.68.0, and OpenSSL version 1.0.2u. This release addresses vulnerabilities related to CVE-2020-7063, CVE-2020-7061, CVE-2020-7062, CVE-2019-1551, and CVE-2019-15601. We strongly encourage all PHP 7.2 users to upgrade to version 7.2.28, all PHP 7.3 users to upgrade to version 7.3.15, all OpenSSL users to upgrade to version 1.0.2u, and all cURL users to upgrade to version 7.68.0.
 
 
AFFECTED VERSIONS
All versions of PHP through 7.2.27
All versions of PHP through 7.3.14
All versions of cURL through 7.67.0
All versions of OpenSSL through 1.0.2t

 
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
 

CVE-2020-7063 - MEDIUM
PHP 7.2.28
Fixed bug related to CVE-2020-7063

PHP 7.3.15
Fixed bug related to CVE-2020-7063


CVE-2020-7061 - MEDIUM
PHP 7.2.27
Fixed bug related to CVE-2020-7061

PHP 7.3.14
Fixed bug related to CVE-2020-7061


CVE-2020-7062 - MEDIUM
PHP 7.2.27
Fixed bug related to CVE-2020-7062

PHP 7.3.14 - MEDIUM
Fixed bug related to CVE-2020-7062


CVE-2019-1551 - MEDIUM
OpenSSL 1.0.2u
Fixed bug related to CVA-2019-1551


CVE-2019-15601 - MEDIUM
cURL 7.68.0
Fixed bug related to CVE-2019-15601



SOLUTION
cPanel, L.L.C. has released updated RPMs for EasyApache 4 on February 26, 2020, with updated versions of PHP versions 7.2.28 and 7.3.15, OpenSSL version 1.0.22, and cURL version 7.68.0. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM's Run System Update interface.

 
REFERENCES
https://nvd.nist.gov/vuln/detail/CVE-2020-7061
https://nvd.nist.gov/vuln/detail/CVE-2020-7062
https://nvd.nist.gov/vuln/detail/CVE-2020-7063
https://nvd.nist.gov/vuln/detail/CVE-2019-1551
https://nvd.nist.gov/vuln/detail/CVE-2019-15601
https://www.php.net/ChangeLog-7.php
https://www.openssl.org/news/secadv/20191206.txt
https://curl.haxx.se/changes.html










-----BEGIN PGP SIGNATURE-----

iQJIBAEBCgAyFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAl5WurQUHHNlY3VyaXR5
QGNwYW5lbC5uZXQACgkQlSG+3KvZTd/MjRAAgJKqt3WMj8fK6623qZIlqagLv9HD
RULrqLQpZLT1xlXIeE9wAzKk4kF61EHuu6ntiWJRzj1DPdWpMX42PTd8rxv4k3+B
3TzIuWEAMU23ZYnlSymefxV3BhcPOo64DoqFOlmGuCSPEAzDv+Rbtbse2wiGy088
ytRe96SHCNbDguBCXqwWkAJWfyCz0Eszq5gihFe0L2Wd7FKAm7+UNBZIkrR5cdWs
fC6rJG+Z38f3UNXus71winpew2QpGQbfopJYlwW0x3TXQ6cstfN2MYO+b/1ndsMC
eFmVwe/R2GvUYH8Nq0yKr0aRb1KqLRnZPJlrJXd9MFrOqTKF7txCPyoxij8iQTRX
DKKzpSFPReoT6iLHA82JC6+QY72pqbJa99Plj6AkZOITIrrw6olLyi1JPXXag4TD
qyBdN0+Z4/GFLqrnp6ldc4kZQE+cskovyyH353RBjN/XTny8ZHS6i2Ee/l/5Qc/Z
ChwWr3SBD7Zwgw4V7SJpS30ynHBr0cL62FGkYXa/XckWtPvuknNiVU4Mrt1R4JFp
E9lNHfQA/9HB/X490F1scN1vZhf16cCBY74E0QeFb6jQDLWtnb2+jLPLPC+wfMy5
8w6IiGYJDBF5Pq5IlZUazQ70vde5on4TdqkYivy9rabiJO2irQ44h0sptRDmm0TG
tCUY+RUrELTM9cs=
=DUCy
-----END PGP SIGNATURE-----