-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with PHP versions 7.3.29, 7.4.21, and 8.0.8. This release addresses vulnerabilities related to CVE-2021-21704 and CVE-2021-21705.  We strongly encourage all PHP 7.3 users to upgrade to version 7.3.29, all PHP 7.4 users to upgrade to version 7.4.21, and all PHP 8.0 users to upgrade to version 8.0.8.
 
 
AFFECTED VERSIONS
All versions of PHP 7.3 through 7.3.28.
All versions of PHP 7.4 through 7.4.20.
All versions of PHP 8.0 through 8.0.8.

 
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
 
CVE-2021-21704 - MEDIUM
PHP 7.3.29
Fixed vulnerability related to CVE-2021-21704.

PHP 7.4.21
Fixed vulnerability related to CVE-2021-21704.

PHP 8.0.8
Fixed vulnerability related to CVE-2021-21704.


CVE-2021-21705 - MEDIUM
PHP 7.3.29
Fixed vulnerability related to CVE-2021-21705.

PHP 7.4.21
Fixed vulnerability related to CVE-2021-21705.

PHP 8.0.8
Fixed vulnerability related to CVE-2021-21705.


SOLUTION
cPanel, L.L.C. has released updated RPMs for EasyApache 4 on July 7, 2021, with PHP versions 7.3.29, 7.4.21, and 8.0.8. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM's Run System Update interface.

 
REFERENCES
https://www.php.net/ChangeLog-7.php#7.4.21
https://www.php.net/ChangeLog-7.php#7.3.29
https://www.php.net/ChangeLog-8.php#8.0.8
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21704
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21705

















-----BEGIN PGP SIGNATURE-----

iQJIBAEBCgAyFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAmDl5oEUHHNlY3VyaXR5
QGNwYW5lbC5uZXQACgkQlSG+3KvZTd9VjQ/9H4x5cLcT4FgsdgHedI+ZKUMlyf50
CcAqlkWQkuGDB5vE1LaJXQJKVlQA9YwkI87HISrC0PhmqoZJend0dCxsfZE81YXF
/OQtbKXRqOM8esB6bzDPqvndFi1cI73P0sGiSg66sAtP8i8iih+jz0Vhh1YKqASf
kX9nb802Ay7Dw7EPOr+GkKsfcdeqkRBo28xvmGrbiEJ1RQjpZssWxLYgZrIE9wgd
E2iANLqBEKhBwXRnrzZypMt0doESd7eb+m77dvfjUcOe/kUigtAhrMUj+oabgtla
1S/Ij+1oRyCpRMo0HOBGz1U+HqRxs94t3QVyrihf9bTh8IfMLM5ndbqJQW7z06Y4
xIMGyxb4oRzu+Vc17WD2PYF52ZiF2JJ4RjtQ7VeKOjgKT3eUU+OL56rsJob6j3Ij
VFkLMhpOBA1Zmvrt/byYOGBLzzuQgYMMgfRA4giDfS/aApAY+wuNCyIN6ZwAHoCd
Jpt5AS7cx3QDLn0avGdpxy6rlAkcbaGU8N17hHmzHGZ2kHcFcDzXWVF3i5Ee0+af
o6rENU5AlQU/wUZRr3NTYnvVD6OLanTN8uU2+6xQ4QnzCHhFgjNOwy89GdXwMHu1
YE4cusliGeGIlwzI5C/z9cLMrM98+asSNrfQXR29g/O1SGSe/MUvuvZhfygIAY6h
PJlPcibExWW+R2c=
=5m7l
-----END PGP SIGNATURE-----