-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

SUMMARY
cPanel, L.L.C. has updated packages for EasyApache 4 with PHP versions 8.0.12, 7.4.25, and 7.3.32. This release addresses vulnerabilities related to CVE-2021-21703. We strongly encourage all PHP 8.0 users to upgrade to version 8.0.12, all PHP 7.4 users to upgrade to version 7.4.25, and all PHP 7.3 users to upgrade to version 7.3.32.
 
 
AFFECTED VERSIONS
All versions of PHP 8.0 through 8.0.11.
All versions of PHP 7.4 through 7.4.24.
All versions of PHP 7.3 through 7.3.31.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
 
CVE-2021-21703  - HIGH
PHP 8.0.12
Fixed vulnerability in PHP-FPM related to CVE-2021-21703.

PHP 7.4.25
Fixed vulnerability in PHP-FPM related to CVE-2021-21703.

PHP 7.3.32
Fixed vulnerability in PHP-FPM related to CVE-2021-21703.


SOLUTION
cPanel, L.L.C. has released updated packages for EasyApache 4 on October 27, 2021, with PHP versions 8.0.12, 7.4.25, and 7.3.32. Unless you have enabled automatic package updates in your cron, update your system with either your package manager or WHM's Run System Update interface.

 
REFERENCES
https://www.php.net/ChangeLog-8.php#8.0.12
https://www.php.net/ChangeLog-7.php#7.4.25
https://www.php.net/ChangeLog-7.php#7.3.32
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21703

















-----BEGIN PGP SIGNATURE-----

iQJIBAEBCgAyFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAmF5fTgUHHNlY3VyaXR5
QGNwYW5lbC5uZXQACgkQlSG+3KvZTd9xORAAsbKtxIkl5D41uNHDiQH7WflnI6xG
vnYHmsOa9uxeUYYHdA+8FSv5YWVXzJZoKMZ4/VbBwvdCUPoIx6DsLGJ0L93j9CBy
I25VIoRB2amzpOhyN7CTWQjh16UjLceqkcInFfChEZBwHHIp7AMm4hbPt3bIbZ4v
CzwseI3BIY6QHOF/hnxgl2RBYfKLNVbw0gq3CIslUDaJbcoeoLMATLjpcGtnK5Wb
uTL7wZnqkct6WYpBpkkm6wkGKWzaZBOT3ONJjYtmfa6HqKhBVaa2/qdHzP19/MHI
/bAbFe248hWiHAdIgzTz+TczxTvOfU4tsmQXFp8FEO3AjWIJObJr0968JcAIFD39
2k6UbodEkchpovpi0Di00yMYJ3jctKxj8zJWksxa7cN38ilcHT8EaVrDkcXsM37j
BNej9g3MtJb5HsApj0TKPJOHDdW2Pgk2BhUqTPReF9eFxUMxFKNrzjhlvYqRfvjj
ZsApQzyBDPBV9vCMw4MjeEW1I0sAiaCVW+GdGZjNZaTO5gNk4PtGJ+4TCOLiWOI+
8/rOm91EG+WG6sKrpAtsh660ZM2JEal8ce02rBJd89RcGp9Gvx9Ly5zyAkzz9Ild
flMTfnI5uS+rn1TcmuEiDHpP8IsmZFWoqXr/gdnzD2SU/5pTT089ap54LpbUr4Zq
iTHDbU7yF4gLbWQ=
=RD/n
-----END PGP SIGNATURE-----