-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with PHP versions 7.2.29 and 7.3.16 This release addresses vulnerabilities related to CVE-2020-7064, CVE-2020-7065, and CVE-2020-7066. We strongly encourage all PHP 7.2 users to upgrade to version 7.2.29 and all PHP 7.3 users to upgrade to version 7.3.16.
 
 
AFFECTED VERSIONS
All versions of PHP through 7.2.28
All versions of PHP through 7.3.15

 
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
 

CVE-2020-7066 - MEDIUM
PHP 7.2.29
Fixed bug related to CVE-2020-7066

PHP 7.3.16
Fixed bug related to CVE-2020-7066


CVE-2020-7064 - MEDIUM
PHP 7.2.29
Fixed bug related to CVE-2020-7064

PHP 7.3.16
Fixed bug related to CVE-2020-7064


CVE-2020-7065 - MEDIUM
PHP 7.2.29
Fixed bug related to CVE-2020-7065

PHP 7.3.16 - MEDIUM
Fixed bug related to CVE-2020-7065


SOLUTION
cPanel, L.L.C. has released updated RPMs for EasyApache 4 on March 25, 2020, with updated versions of PHP versions 7.2.29 and 7.3.16. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM's Run System Update interface.

 
REFERENCES
https://nvd.nist.gov/vuln/detail/CVE-2020-7064
https://nvd.nist.gov/vuln/detail/CVE-2020-7065
https://nvd.nist.gov/vuln/detail/CVE-2020-7066
https://www.php.net/ChangeLog-7.php










-----BEGIN PGP SIGNATURE-----

iQJIBAEBCgAyFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAl57hQkUHHNlY3VyaXR5
QGNwYW5lbC5uZXQACgkQlSG+3KvZTd9wIRAApWPt4ZwO6Z5yDNkyKEPfbGjRznkS
MvzSASYZOiFi3Z71jJbdXmKkfsLNnyYPLm1Xn0a0VkVtZVR5vicSfCo5TIE+ACmf
SzcekQw+XIHhroywjrIiLPbJp8+rtUOrWGm+CXDIWdL3ZxqPYqdt+ftjIRljoNU+
y7j+Q+1wLHFHlvqKTamcMhJOLzsstsbzn3Cr1yKN04irjqNTa+JboCauXCzLPL4/
13CjIMBZ0K6haFMnOWn1oY1SVFGszoI+EIkvKwPv/6+mr5gPF42veZ6e9VHYOPsF
r/uaBtszXl+JbEVKJ45cRZN8vmAh0SxPzQJgobXyInoWN1RnSasYv2WvhhLrpw2l
DHkY5mcLnY8dtCDV3Pqg6tc3GP91Ob1vC5EhM/hSp9V4bZE/d2JRYhJsnlrhrsDr
fP3XFY+wknkaMgGJi9cBraD0j05fXXs8b+yj+cYQt9+uhvBDBsW/ANNo8joBEwBl
NuqncQEjpmyi1ZWJJ5gW/QCeZycRFre/+P13e9yN2ya3y5gTaNV4RZx5xLF6fJ5E
Zfgl0aU4BRrAfxo66PrswJIBgQV8pEhG2SVxEt1xTT7JldigRCJEPzM13xaFzvG7
TpHixC2afQfhpiHomkdL0rg/SaQDzPe7pLrZoIYpYQSgORpUzFV/2ozSeG6XhPwE
TnSoO6Y22pTtT0c=
=zbP3
-----END PGP SIGNATURE-----