-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 SUMMARY cPanel, L.L.C. has updated RPMs for EasyApache 4 with PHP versions 7.4.11, 7.3.23, and 7.2.34. This release addresses vulnerabilities related to CVE-2020-7070 and CVE-2020-7069. We strongly encourage all PHP 7.4 users to upgrade to version 7.4.11, all PHP 7.3 users to upgrade to version 7.3.23, and all PHP 7.2 users to upgrade to version 7.2.34. AFFECTED VERSIONS All versions of PHP 7.4 through 7.4.10. All versions of PHP 7.3 through 7.3.22. All versions of PHP 7.2 through 7.2.33. SECURITY RATING The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs: CVE-2020-7069 - MEDIUM PHP 7.2.34 Fixed bug in the OpenSSL module related to CVE-2020-7069. PHP 7.3.23 Fixed bug in the OpenSSL module related to CVE-2020-7069. PHP 7.4.11 Fixed bug in the OpenSSL module related to CVE-2020-7069. CVE-2020-7070 - MEDIUM PHP 7.2.34 Fixed bug in the Core module related to CVE-2020-7070. PHP 7.3.23 Fixed bug in the Core module related to CVE-2020-7070. PHP 7.4.11 Fixed bug in the Core module related to CVE-2020-7070. SOLUTION cPanel, L.L.C. has released updated RPMs for EasyApache 4 on October 7, 2020, with updated versions of PHP 7.2.34, 7.3.23, and 7.4.11. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM's Run System Update interface. REFERENCES https://nvd.nist.gov/vuln/detail/CVE-2020-7069 https://nvd.nist.gov/vuln/detail/CVE-2020-7070 https://www.php.net/ChangeLog-7.php -----BEGIN PGP SIGNATURE----- iQJIBAEBCgAyFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAl996qQUHHNlY3VyaXR5 QGNwYW5lbC5uZXQACgkQlSG+3KvZTd9f2hAAkofjcfCKs/Xldgv49JncuPV4FWZn vk/Ut08IfGHGyWIChlJhJvO+ZKf5xKt98oarvVywwhcaXIEcpnUGvkIXl5H6W+l9 DZgmrQI7ZmKje8RLx5BdV+rQhUCPXWMblNN4pk5/LTGyrSIz9CXpKgMjT6jVNxhK EkixCG6pbhqh31cHPW0FZnot+XRenRHa89qeDaD5gviBL4Pc3McpKJsw9sb1lL8B UmSOHkv/yqwrd3OGELsaL7TQ/2c73Wvv1h0zk5RWcMqcZSqczjigmk+XVg6JVbOD qvWinR6bP7RcvD/mxAfqmGU8lsbPW0Zr8GQIGeP0jkxLpXfoGUI/5o6qiMNqJFwM uZjxBCMLVg0S0I0Uiab2HeNg2Jn1Rak3Fa1YTrkf6Gpp6wR8S/1deyH9TqxS1uag wmCtFXHKhvHcNa+DkerNWUEYLxD32kzYoVY7VxjSwO4VVwEdOV+EtxOUd20mtiEn ir+OLjvSqeLnmKshJPcSbrLhspSMKR7KpfkfcKXqK/o/VpHpPACXXKvk1S036qtM c98osvUPT9xDg+GGdge+4/5yQSBt0WfaExTeWCCUeUECmCAlHJG5lInrtmJ/pxsb pfvBXTbFk6lTesx5GhPI6xD+yl7AYULjEuPiCEkVOZti3XbDg+FPK+I/+8Hgyt4u ik7Gkbzy/CXZg5M= =tY2A -----END PGP SIGNATURE-----