-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

SUMMARY

cPanel, L.L.C. has updated RPMs for EasyApache 4 with PHP versions 7.2.28 and 7.3.15, cURL version 7.68.0, and OpenSSL version 1.0.2u. This release addresses vulnerabilities related to CVE-2020-7063, CVE-2020-7061, CVE-2020-7062, CVE-2019-1551, and CVE-2019-15601. We strongly encourage all PHP 7.2 users to upgrade to version 7.2.28, all PHP 7.3 users to upgrade to version 7.3.15, all OpenSSL users to upgrade to version 1.0.2u, and all cURL users to upgrade to version 7.68.0.

AFFECTED VERSIONS

All versions of PHP through 7.2.27
All versions of PHP through 7.3.14
All versions of cURL through 7.67.0
All versions of OpenSSL through 1.0.2t

SECURITY RATING

The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2020-7063 - MEDIUM

PHP 7.2.28
Fixed bug related to CVE-2020-7063

PHP 7.3.15
Fixed bug related to CVE-2020-7063

CVE-2020-7061 - MEDIUM

PHP 7.2.27
Fixed bug related to CVE-2020-7061

PHP 7.3.14
Fixed bug related to CVE-2020-7061

CVE-2020-7062 - MEDIUM

PHP 7.2.27
Fixed bug related to CVE-2020-7062

PHP 7.3.14
Fixed bug related to CVE-2020-7062

CVE-2019-1551 - MEDIUM

OpenSSL 1.0.2u
Fixed bug related to CVE-2019-1551

CVE-2019-15601 - MEDIUM

cURL 7.68.0
Fixed bug related to CVE-2019-15601

SOLUTION

cPanel, L.L.C. released updated RPMs for EasyApache 4 on February 26, 2020, with PHP versions 7.2.28 and 7.3.15, OpenSSL version 1.0.2u, and cURL version 7.68.0. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM's Run System Update interface.

REFERENCES

https://nvd.nist.gov/vuln/detail/CVE-2020-7061
https://nvd.nist.gov/vuln/detail/CVE-2020-7062
https://nvd.nist.gov/vuln/detail/CVE-2020-7063
https://nvd.nist.gov/vuln/detail/CVE-2019-1551
https://nvd.nist.gov/vuln/detail/CVE-2019-15601
https://www.php.net/ChangeLog-7.php
https://www.openssl.org/news/secadv/20191206.txt
https://curl.haxx.se/changes.html

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
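
One way to check a host against the fixed versions listed in the advisory above. This is an added example, not cPanel code: the function names are hypothetical, and it assumes banners in the format printed by `php -v`, `openssl version` and `curl --version`, plus a `sort` that supports `-V`.

```shell
#!/bin/sh
# Added example (not cPanel code): classify a version banner against the
# fixed versions named in the advisory.

# version_lt A B: true when A sorts strictly before B.
# sort -V also orders OpenSSL letter releases: 1.0.2t < 1.0.2u.
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# classify_banner LINE: prints affected, patched or unknown.
classify_banner() {
    name=${1%% *}            # product name: first field
    rest=${1#* }
    ver=${rest%% *}          # version: second field
    case "$ver" in [0-9]*) ;; *) echo unknown; return 0 ;; esac
    case "$name:$ver" in
        PHP:7.2.*)      fixed=7.2.28 ;;
        PHP:7.3.*)      fixed=7.3.15 ;;
        OpenSSL:1.0.2*) fixed=1.0.2u ;;
        curl:*)         fixed=7.68.0 ;;
        *)              echo unknown; return 0 ;;  # branch has no fixed version in this advisory
    esac
    if version_lt "$ver" "$fixed"; then echo affected; else echo patched; fi
}

# Constructed sample banners (not captured from a real host).
while IFS= read -r banner; do
    printf '%-9s %s\n' "$(classify_banner "$banner")" "$banner"
done <<'EOF'
PHP 7.2.27 (cli) (built: Jan 23 2020 10:00:00) ( NTS )
PHP 7.3.15 (cli) (built: Feb 25 2020 10:00:00) ( NTS )
OpenSSL 1.0.2t  10 Sep 2019
curl 7.68.0 (x86_64-redhat-linux-gnu) libcurl/7.68.0
EOF
```

Feed it banners from the EasyApache 4 binaries rather than the distribution's own packages, since vendors that backport fixes keep the older upstream version string.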