SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with PHP versions 7.2.30, 7.3.17, and 7.4.5 and OpenSSL version 1.1.1g. This release addresses vulnerabilities related to CVE-2020-7067 and CVE-2020-1967. We strongly encourage all PHP 7.2 users to upgrade to version 7.2.30, all PHP 7.3 users to upgrade to version 7.3.17, all PHP 7.4 users to upgrade to version 7.4.5, and all OpenSSL users to upgrade to version 1.1.1g. 
 
 
AFFECTED VERSIONS
All versions of PHP 7.2 through 7.2.30
All versions of PHP 7.3 through 7.3.16
All versions of PHP 7.4 through 7.4.4
All versions of OpenSSL through 1.1.1f

 
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
 

CVE-2020-7067 - MEDIUM
PHP 7.2.30
Fixed bug related to CVE-2020-7067

PHP 7.3.17
Fixed bug related to CVE-2020-7067

PHP 7.4.5
Fixed bug related to CVE-2020-7067

CVE-2020-1967 - MEDIUM
OpenSSL 1.1.1g
Fixed bug related to CVE-2020-1967


SOLUTION
cPanel, L.L.C. has released updated RPMs for EasyApache 4 on April 22, 2020, with updated versions of PHP version 7.2.30, 7.3.17, and 7.4.5, and OpenSSL version 1.1.1g. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM's Run System Update interface.

 
REFERENCES
https://nvd.nist.gov/vuln/detail/CVE-2020-7067
https://nvd.nist.gov/vuln/detail/CVE-2020-1967
https://www.php.net/ChangeLog-7.php
https://www.openssl.org/news/openssl-1.1.1-notes.html