-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with PHP versions 7.4.11, 7.3.23, and 7.2.34. This release addresses vulnerabilities related to CVE-2020-7070 and CVE-2020-7069. We strongly encourage all PHP 7.4 users to upgrade to version 7.4.11, all PHP 7.3 users to upgrade to version 7.3.23, and all PHP 7.2 users to upgrade to version 7.2.34.
 
 
AFFECTED VERSIONS
All versions of PHP 7.4 through 7.4.10.
All versions of PHP 7.3 through 7.3.22.
All versions of PHP 7.2 through 7.2.33.

 
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
 

CVE-2020-7069 - MEDIUM
PHP 7.2.34
Fixed bug in the OpenSSL module related to CVE-2020-7069.

PHP 7.3.23
Fixed bug in the OpenSSL module related to CVE-2020-7069.

PHP 7.4.11
Fixed bug in the OpenSSL module related to CVE-2020-7069.

CVE-2020-7070 - MEDIUM
PHP 7.2.34
Fixed bug in the Core module related to CVE-2020-7070.

PHP 7.3.23
Fixed bug in the Core module related to CVE-2020-7070.

PHP 7.4.11
Fixed bug in the Core module related to CVE-2020-7070.


SOLUTION
cPanel, L.L.C. has released updated RPMs for EasyApache 4 on October 7, 2020, with updated versions of PHP 7.2.34, 7.3.23, and 7.4.11. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM's Run System Update interface.

 
REFERENCES
https://nvd.nist.gov/vuln/detail/CVE-2020-7069
https://nvd.nist.gov/vuln/detail/CVE-2020-7070
https://www.php.net/ChangeLog-7.php











-----BEGIN PGP SIGNATURE-----

iQJIBAEBCgAyFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAl996qQUHHNlY3VyaXR5
QGNwYW5lbC5uZXQACgkQlSG+3KvZTd9f2hAAkofjcfCKs/Xldgv49JncuPV4FWZn
vk/Ut08IfGHGyWIChlJhJvO+ZKf5xKt98oarvVywwhcaXIEcpnUGvkIXl5H6W+l9
DZgmrQI7ZmKje8RLx5BdV+rQhUCPXWMblNN4pk5/LTGyrSIz9CXpKgMjT6jVNxhK
EkixCG6pbhqh31cHPW0FZnot+XRenRHa89qeDaD5gviBL4Pc3McpKJsw9sb1lL8B
UmSOHkv/yqwrd3OGELsaL7TQ/2c73Wvv1h0zk5RWcMqcZSqczjigmk+XVg6JVbOD
qvWinR6bP7RcvD/mxAfqmGU8lsbPW0Zr8GQIGeP0jkxLpXfoGUI/5o6qiMNqJFwM
uZjxBCMLVg0S0I0Uiab2HeNg2Jn1Rak3Fa1YTrkf6Gpp6wR8S/1deyH9TqxS1uag
wmCtFXHKhvHcNa+DkerNWUEYLxD32kzYoVY7VxjSwO4VVwEdOV+EtxOUd20mtiEn
ir+OLjvSqeLnmKshJPcSbrLhspSMKR7KpfkfcKXqK/o/VpHpPACXXKvk1S036qtM
c98osvUPT9xDg+GGdge+4/5yQSBt0WfaExTeWCCUeUECmCAlHJG5lInrtmJ/pxsb
pfvBXTbFk6lTesx5GhPI6xD+yl7AYULjEuPiCEkVOZti3XbDg+FPK+I/+8Hgyt4u
ik7Gkbzy/CXZg5M=
=tY2A
-----END PGP SIGNATURE-----