-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with PHP versions 8.0.2, 7.4.15, and 7.3.27. This release addresses vulnerabilities related to CVE-2021-21702. We strongly encourage all PHP 8.0 users to upgrade to version 8.0.2, all PHP 7.4 users to upgrade to version 7.4.15, and all PHP 7.3 users to upgrade to version 7.3.27.
 
 
AFFECTED VERSIONS
All versions of PHP 8.0 through 8.0.1.
All versions of PHP 7.4 through 7.4.14.
All versions of PHP 7.3 through 7.3.26.

 
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
 

CVE-2021-21702 - MEDIUM

PHP 7.3.27
Fixed bug related to CVE-2021-21702.

PHP 7.4.15
Fixed bug related to CVE-2021-21702.

PHP 8.0.2
Fixed bug related to CVE-2021-21702.


SOLUTION
cPanel, L.L.C. has released updated RPMs for EasyApache 4 on February 10, 2021, with updated versions of PHP  7.3.27, 7.4.15, and 8.0.2. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM's Run System Update interface.

 
REFERENCES
https://nvd.nist.gov/vuln/detail/CVE-2021-21702
https://www.php.net/ChangeLog-7.php
https://www.php.net/ChangeLog-8.php













-----BEGIN PGP SIGNATURE-----

iQJIBAEBCgAyFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAmAkLE0UHHNlY3VyaXR5
QGNwYW5lbC5uZXQACgkQlSG+3KvZTd8U3hAAy9cU6VNj5ePIcIoLWqZcDtb9mSVp
1r+MkL8DNqqK5DqLh5WhmesuooX3cfZ82iu8Wo/UkxMRc1v37v0n4nl7NIP3+kC7
8xJbQEuHRXAl1e3lBzruwW0xFAJkDIvPuqp7fnrfOxFsgwnPNG6lICdZkkXOYwOc
85c4PxFrcOVQCDRGkVgSVSj+f7A7e1ozUktIIiivdbFE68SVLejxugUXvobW8qte
+mbHkM623e2nw4suxqxi0p2nFJtyYI3bDWwXFWz2DF1NOt8iajr8hLdS5loQ6ajj
EX+Sphlv891Q1b2aYcBt2mcCHsaZ6OQjmY45YHALW708BumCfAhtMv35x37C8u57
kUH3J3IudnjaIt/xu3GH3QX+xmLgFRvtaXFGVppiDGhne+tLXfgyWt8A7KFRiCM/
xscd6kOL7+Iuq40kQdBZtHg09Su09baXwxfEVAiqrlq53/k11bP4udC/mlE0kzDC
AbXmSR5zBeTA5AuDfVtQ7hgs2QPelR/zl9Q9eCmz9VPGyHPAULzmPfNPqn8+IJW3
K+PGBaQAKnrHBp2+FPq57iVfJiygz9JaaZCEKYdUZOKmkT6Cmhgo7NyDHJYAMkwC
P5IMnWhHWXlP/2os99UY+Jek97Gokb8uy3VP1jqUjj4xin+3mDjorHhPRo6iD2Sl
imIsn5OpjlcbPWE=
=6z9B
-----END PGP SIGNATURE-----