-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

SUMMARY
cPanel, L.L.C. has updated packages for EasyApache 4 with PHP versions 8.0.13, 7.4.26, and 7.3.33. This release addresses vulnerabilities related to CVE-2021-21707. We strongly encourage all PHP 8.0 users to upgrade to version 8.0.13, all PHP 7.4 users to upgrade to version 7.4.26, and all PHP 7.3 users to upgrade to version 7.3.33.
 
 
AFFECTED VERSIONS
All versions of PHP 8.0 through 8.0.12.
All versions of PHP 7.4 through 7.4.25.
All versions of PHP 7.3 through 7.3.32.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
 
CVE-2021-21707 - MEDIUM
PHP 8.0.12
Fixed vulnerability in XML related to CVE-2021-21707.

PHP 7.4.25
Fixed vulnerability in XML related to CVE-2021-21707.

PHP 7.3.32
Fixed vulnerability in XML related to CVE-2021-21707.


SOLUTION
cPanel, L.L.C. has released updated packages for EasyApache 4 on November 23, 2021, with PHP versions 8.0.13, 7.4.26, and 7.3.33. Unless you have enabled automatic package updates in your cron, update your system with either your package manager or WHM's Run System Update interface.

 
REFERENCES
https://www.php.net/ChangeLog-8.php#8.0.13
https://www.php.net/ChangeLog-7.php#7.4.26
https://www.php.net/ChangeLog-7.php#7.3.36
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21707

















-----BEGIN PGP SIGNATURE-----

iQJIBAEBCgAyFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAmGdDxQUHHNlY3VyaXR5
QGNwYW5lbC5uZXQACgkQlSG+3KvZTd8z8Q/9EZoFOSeJktt4uV4TBTaHPuyrIJzq
aH9kteuYU7RdN5pCJnPtEsHHfxv2GxvDNU4Sv+F5Gsv/H4kY0aVDVmv5S/vMvfCJ
ReS7WfoB4NAkKLUkPnfBrBShP3v1icr3anwvS3a5mUrTDCkvQUFtVL1gv8r/7L1L
UZj58XYVZ88cuUVLwQxYF6urm+SpxOOtPXeyWwrZU58OcZ28Nmr3/px4NtGRhUU8
YdoXWPaHlHbwbcMT6X+hTK8wMfHiktWq2zAxAZHWThkRfZeq2gCUrfyESUEWzchd
tDPvpyyBDbZFCTUv20SHUMWxSMk9sq78VH2woBNxyqkPbG6T8GRq+sMiLGpzOysi
vClcSIwku2Z6g5Lk4/yJkpYBbv3dwsW0DWsYkgw81xcZYOz78sOFOy6nERUf+vZg
KCPwx+dCvOgHL1QopSG8NMAr5paba+L1+K47i9B+n/PiBmFUmss55B0E2F+PYLVm
tYqUGYEC8QCzyW1f7TMnpui9ICOyHN0d4mM0mGTvVA4S0E3cO4RyC0XHJtoTkaPC
BBRtTv7HUbbab2eALxepTi0epb3v6mU4aw9torttdU2q55UcX6i0pIsU7wVEP3/M
NaPcOtOrl317HkyzEW6r5CvaT19UzQA12rf/UFofiibENO1CqIb09BQF7zF0Go5c
ri73Ih5uJ5s9cr8=
=G6tx
-----END PGP SIGNATURE-----