Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

EasyApache 4 2018-12-11 Security Release

Discussion in 'EasyApache' started by cPanelBenny, Dec 11, 2018.

Thread Status:
Not open for further replies.
  1. cPanelBenny

    cPanelBenny Community Team Manager, Development, dog scratcher Staff Member

    Joined:
    Apr 24, 2014
    Messages:
    119
    Likes Received:
    61
    Trophy Points:
    103
    Location:
    Michigan
    cPanel Access Level:
    Root Administrator
    Twitter:
    SUMMARY
    cPanel, L.L.C. has updated RPMs for EasyApache 4 with PHP versions 5.6.39, 7.0.33, 7.1.25, and 7.2.13 This release addresses vulnerabilities related to CVE-2018-19518 and CVE-2018-19935. We strongly encourage all PHP 5.6 users to upgrade to version 5.6.39, all PHP 7.0 users to upgrade to version 7.0.33, all PHP 7.1 users to upgrade to version 7.1.25, and all PHP 7.2 users to upgrade to version 7.2.13.

    AFFECTED VERSIONS
    All versions of PHP 5.6 through 5.6.38
    All versions of PHP 7.0 through 7.0.32
    All versions of PHP 7.1 through 7.1.24
    All versions of PHP 7.2 through 7.2.12

    SECURITY RATING
    The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

    CVE-2018-19518 - MEDIUM
    PHP 5.6.39
    Fixed bug in IMAP module related to CVE-2018-19518

    PHP 7.0.33
    Fixed bug in IMAP module related to CVE-2018-19518

    PHP 7.1.25
    Fixed bug in IMAP module related to CVE-2018-19518

    PHP 7.2.13
    Fixed bug in IMAP module related to CVE-2018-19518

    CVE-2018-19935 - MEDIUM
    PHP 5.6.39
    Fixed bug in IMAP module related to CVE-2018-19935

    PHP 7.0.33
    Fixed bug in IMAP module related to CVE-2018-19935

    SOLUTION
    cPanel, L.L.C. has released updated RPMs for EasyApache 4 on December 11, 2018, with updated versions of PHP versions 5.6.39, 7.0.33, 7.1.25, and 7.2.13. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM's Run System Update interface.

    REFERENCES
    NVD - CVE-2018-19935
    NVD - CVE-2018-19518
    PHP: PHP 5 ChangeLog
    PHP: PHP 7 ChangeLog

    For the PGP-signed message, please see EA4 2018-12-11 CVE signed.
     
    Shood, vacancy and ES - George like this.
Loading...
Thread Status:
Not open for further replies.

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice