SECURITY ALERT : New updated PHP Version for EasyApache 4 [INFO]
Posted by Fatihah B. on 13 July 2017 10:26 AM
ATTENTION: All cPanel owners / administrators. 
 
Dear valued customers,
 
We were informed by our security team that cPanel, Inc. has released updated RPMs for EasyApache 4 on July 12, 2017, with PHP versions 5.6.31, 7.0.21, and 7.1.7.
 
This release addresses vulnerabilities related to CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229, and CVE-2017-7890.
 
We strongly encourage all PHP 5.6 users to upgrade to version 5.6.31, all PHP 7.0 users to upgrade to version 7.0.21, and all PHP 7.1 users to upgrade to version 7.1.7.
 
AFFECTED VERSIONS
All versions of PHP 5.6 through 5.6.30
All versions of PHP 7.0 through 7.0.20
All versions of PHP 7.1 through 7.1.6
 
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
 
CVE-2017-9224 - HIGH
PHP 5.6.31
Fixed bug in mbstring extension related to CVE-2017-9224
 
PHP 7.0.21
Fixed bug in mbstring extension related to CVE-2017-9224
 
PHP 7.1.7
Fixed bug in mbstring extension related to CVE-2017-9224
 
CVE-2017-9226 - HIGH
PHP 5.6.31
Fixed bug in mbstring extension related to CVE-2017-9226
 
PHP 7.0.21
Fixed bug in mbstring extension related to CVE-2017-9226
 
PHP 7.1.7
Fixed bug in mbstring extension related to CVE-2017-9226
 
CVE-2017-9227 - HIGH
PHP 5.6.31
Fixed bug in mbstring extension related to CVE-2017-9227
 
PHP 7.0.21
Fixed bug in mbstring extension related to CVE-2017-9227
 
PHP 7.1.7
Fixed bug in mbstring extension related to CVE-2017-9227
 
CVE-2017-9228 - HIGH
PHP 5.6.31
Fixed bug in mbstring extension related to CVE-2017-9228
 
PHP 7.0.21
Fixed bug in mbstring extension related to CVE-2017-9228
 
PHP 7.1.7
Fixed bug in mbstring extension related to CVE-2017-9228
 
CVE-2017-9229 - MEDIUM
PHP 5.6.31
Fixed bug in mbstring extension related to CVE-2017-9229
 
PHP 7.0.21
Fixed bug in mbstring extension related to CVE-2017-9229
 
PHP 7.1.7
Fixed bug in mbstring extension related to CVE-2017-9229
 
CVE-2017-7890 - MEDIUM
PHP 5.6.31
Fixed bug in GD module related to CVE-2017-7890
 
PHP 7.0.21
Fixed bug in GD module related to CVE-2017-7890
 
PHP 7.1.7
Fixed bug in GD module related to CVE-2017-7890
 
SOLUTION
cPanel, Inc. has released updated RPMs for EasyApache 4 on July 12, 2017, with updated versions of PHP 5.6, 7.0, and 7.1. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM's Run System Update interface.
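
An added example, not part of the original notice or of cPanel's tooling: a shell check that compares PHP versions with the fixed releases listed above (5.6.31, 7.0.21, 7.1.7), useful for confirming the update took effect. The /opt/cpanel/ea-php*/root/usr/bin/php path and the function names are assumptions; the sample versions are constructed.

```shell
#!/bin/sh
# Added example: flag PHP builds older than the fixed releases in this advisory.

# Patch level of the first fixed release per branch (5.6.31, 7.0.21, 7.1.7).
fixed_patch_for_branch() {
    case "$1" in
        5.6) echo 31 ;;
        7.0) echo 21 ;;
        7.1) echo 7 ;;
        *)   return 1 ;;   # branch not listed in the advisory
    esac
}

# Print patched | affected | not-covered | unparsed for a version string.
classify_php_version() {
    ver=${1%%[!0-9.]*}     # drop suffixes such as "-1.el7" or "RC1"
    case "$ver" in
        [0-9]*.[0-9]*.[0-9]*) ;;
        *) echo unparsed; return 0 ;;
    esac
    branch=${ver%.*}
    patch=${ver##*.}
    case "$patch" in
        '') echo unparsed; return 0 ;;
    esac
    if ! fixed=$(fixed_patch_for_branch "$branch"); then
        echo not-covered; return 0
    fi
    if [ "$patch" -ge "$fixed" ]; then echo patched; else echo affected; fi
}

# Check every EasyApache 4 PHP binary under the assumed install prefix.
check_ea4_php() {
    for bin in /opt/cpanel/ea-php*/root/usr/bin/php; do
        [ -x "$bin" ] || continue
        v=$("$bin" -r 'echo PHP_VERSION;')
        echo "$bin $v $(classify_php_version "$v")"
    done
    return 0
}

# Constructed sample versions, so the script shows output on any machine.
for sample in 5.6.30 5.6.31 7.0.20 7.1.7 7.2.0; do
    echo "sample $sample $(classify_php_version "$sample")"
done
check_ea4_php
```

A result of not-covered means the branch is not one of the three named in this notice, not that it is safe.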
 
Sincerely,
Fatihah B.
Customer Care Help Desk
------------------------------------
247 LiveSupport Department
- http://247livesupport.biz -
* Thank you for using 247LiveSupport System *

Copyright © 2005 - 2016 Shinjiru International Inc. All Rights Reserved.