SUMMARY

cPanel, Inc. has released EasyApache 3.24.15 with FCGI version 2.3.9 and PHP versions 5.5.10 and 5.4.27. This release addresses the FCGI vulnerability CVE-2013-4365 with fixes to a possible heap buffer overwrite issue, and the PHP vulnerability CVE-2013-7345 with fixes to bugs in the fileinfo module. We encourage all FCGI users to upgrade to FCGI version 2.3.9, and all PHP users to upgrade to PHP version 5.5.11 or PHP version 5.4.27.

AFFECTED VERSIONS

All versions of FCGI before 2.3.9.

SECURITY RATING

The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2013-4365 - MEDIUM

FCGI 2.3.9
Fixed a possible heap buffer overwrite issue related to CVE-2013-4365.

AFFECTED VERSIONS

All versions of PHP 5.5 before 5.5.11.
All versions of PHP 5.4 before 5.4.27.

SECURITY RATING

The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2013-7345 - MEDIUM

PHP 5.5.11
Fixed a bug in the fileinfo module related to CVE-2013-7345.

PHP 5.4.27
Fixed a bug in the fileinfo module related to CVE-2013-7345.

SOLUTION

cPanel, Inc. has released EasyApache 3.24.15 with FCGI version 3.2.9, and the updated versions of PHP 5.4 and 5.5 to correct these issues. Unless you have disabled EasyApache updates, EasyApache will include the latest versions of FCGI and PHP automatically. Run EasyApache to rebuild your profile with the latest version of FCGI and PHP.

REFERENCES

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4365
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7345
https://www.apache.org/dist/httpd/mod_fcgid/CHANGES-FCGID
http://www.php.net/ChangeLog-5.php#5.4.27
http://www.php.net/ChangeLog-5.php#5.5.11