-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 SUMMARY cPanel, L.L.C. has updated RPMs for EasyApache 4 with PHP versions 7.2.29 and 7.3.16 This release addresses vulnerabilities related to CVE-2020-7064, CVE-2020-7065, and CVE-2020-7066. We strongly encourage all PHP 7.2 users to upgrade to version 7.2.29 and all PHP 7.3 users to upgrade to version 7.3.16. AFFECTED VERSIONS All versions of PHP through 7.2.28 All versions of PHP through 7.3.15 SECURITY RATING The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs: CVE-2020-7066 - MEDIUM PHP 7.2.29 Fixed bug related to CVE-2020-7066 PHP 7.3.16 Fixed bug related to CVE-2020-7066 CVE-2020-7064 - MEDIUM PHP 7.2.29 Fixed bug related to CVE-2020-7064 PHP 7.3.16 Fixed bug related to CVE-2020-7064 CVE-2020-7065 - MEDIUM PHP 7.2.29 Fixed bug related to CVE-2020-7065 PHP 7.3.16 - MEDIUM Fixed bug related to CVE-2020-7065 SOLUTION cPanel, L.L.C. has released updated RPMs for EasyApache 4 on March 25, 2020, with updated versions of PHP versions 7.2.29 and 7.3.16. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM's Run System Update interface. REFERENCES https://nvd.nist.gov/vuln/detail/CVE-2020-7064 https://nvd.nist.gov/vuln/detail/CVE-2020-7065 https://nvd.nist.gov/vuln/detail/CVE-2020-7066 https://www.php.net/ChangeLog-7.php -----BEGIN PGP SIGNATURE----- iQJIBAEBCgAyFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAl57hQkUHHNlY3VyaXR5 QGNwYW5lbC5uZXQACgkQlSG+3KvZTd9wIRAApWPt4ZwO6Z5yDNkyKEPfbGjRznkS MvzSASYZOiFi3Z71jJbdXmKkfsLNnyYPLm1Xn0a0VkVtZVR5vicSfCo5TIE+ACmf SzcekQw+XIHhroywjrIiLPbJp8+rtUOrWGm+CXDIWdL3ZxqPYqdt+ftjIRljoNU+ y7j+Q+1wLHFHlvqKTamcMhJOLzsstsbzn3Cr1yKN04irjqNTa+JboCauXCzLPL4/ 13CjIMBZ0K6haFMnOWn1oY1SVFGszoI+EIkvKwPv/6+mr5gPF42veZ6e9VHYOPsF r/uaBtszXl+JbEVKJ45cRZN8vmAh0SxPzQJgobXyInoWN1RnSasYv2WvhhLrpw2l DHkY5mcLnY8dtCDV3Pqg6tc3GP91Ob1vC5EhM/hSp9V4bZE/d2JRYhJsnlrhrsDr fP3XFY+wknkaMgGJi9cBraD0j05fXXs8b+yj+cYQt9+uhvBDBsW/ANNo8joBEwBl NuqncQEjpmyi1ZWJJ5gW/QCeZycRFre/+P13e9yN2ya3y5gTaNV4RZx5xLF6fJ5E Zfgl0aU4BRrAfxo66PrswJIBgQV8pEhG2SVxEt1xTT7JldigRCJEPzM13xaFzvG7 TpHixC2afQfhpiHomkdL0rg/SaQDzPe7pLrZoIYpYQSgORpUzFV/2ozSeG6XhPwE TnSoO6Y22pTtT0c= =zbP3 -----END PGP SIGNATURE-----