-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUMMARY cPanel, Inc. has released EasyApache 3.26.6 with PHP versions 5.4.32 and 5.5.16. This release addresses vulnerabilities CVE-2014-3538, CVE-2014-3587, CVE-2014-2497, CVE-2014-5120, CVE-2014-3597, CVE-2014-4670 and CVE-2014-4698. We encourage all PHP 5.4 users to upgrade to PHP version 5.4.32 and all PHP 5.5 users to upgrade to PHP version 5.5.16. AFFECTED VERSIONS All versions of PHP 5.4 before 5.4.32. All versions of PHP 5.5 before 5.5.16. SECURITY RATING The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs: CVE-2014-3538 - MEDIUM PHP 5.4.32 Fixed bug in the Fileinfo module related to CVE-2014-3538. PHP 5.5.16 Fixed bug in the Fileinfo module related to CVE-2014-3538. CVE-2014-3587 - MEDIUM PHP 5.4.32 Fixed bug in the Fileinfo module related to CVE-2014-3587. PHP 5.5.16 Fixed bug in the Fileinfo module related to CVE-2014-3587. CVE-2014-2497 - MEDIUM PHP 5.4.32 Fixed bug in the GD module related to CVE-2014-2497. PHP 5.5.16 Fixed bug in the GD module related to CVE-2014-2497. CVE-2014-5120 - MEDIUM PHP 5.4.32 Fixed bug in the GD module related to CVE-2014-5120. PHP 5.5.16 Fixed bug in the GD module related to CVE-2014-5120. CVE-2014-3597 - MEDIUM PHP 5.4.32 Fixed bug in the SPL module related to CVE-2014-3597. PHP 5.5.16 Fixed bug in the SPL module related to CVE-2014-3597. CVE-2014-4670 - MEDIUM PHP 5.4.32 Fixed bug in the SPL module related to CVE-2014-4670. CVE-2014-4698 - MEDIUM PHP 5.4.32 Fixed bug in the SPL module related to CVE-2014-4698. SOLUTION cPanel, Inc. has released EasyApache 3.26.6 with updated version of PHP 5.4.32 and PHP 5.5.16 to correct these issues. Unless you have disabled EasyApache updates, EasyApache updates automatically. Run EasyApache to rebuild your profile with the latest version of Apache. REFERENCES http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3538 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3587 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2497 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5120 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3597 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4670 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4698 http://php.net/ChangeLog-5.php#5.4.32 http://php.net/ChangeLog-5.php#5.5.16 -----BEGIN PGP SIGNATURE----- iQIcBAEBAgAGBQJT96CsAAoJEJUhvtyr2U3fwzMQAL26VufxJgLlEJXIa92cLzpI laSKnSiS5IPByBwtIJfdZk/GC6VsBLQQWIMigvjAynSfkG+6qhJ6NWTxsmb4oH/8 skhC9x1R570bW/J98Szo4CoijUiEC9WjfJVVO+6KL1ynZAO88eobR5kUPhOR9ooM 7DS4IvpF54xxNdOzbwaF5/MlDiM/43q+02PjQTdd2UNu5zb+kcdQXVq4ipmx0shj Xc7P2V88oK/1RCbm+SlldqHUH+iEPh6/MaNBBM2N1ChNNUtK8iPoLzzNRfv7Tq3C /Bvp14RS36Eqs4lLNPHg/hlv3w7L7baClKiE8RU91Eh/FbCKTeTHefLcdSEH9L8f YI6bxGQBKwy5r5ge8NrtANw2lOwLlBqu3ZNTSrEr09VAAC0tt2c7saf92JL6aZNi MLQAr4+H+SiO3plGpkrJ+1UlOYRIbNnv7midgyd+V6f8pKuEcQN+ToWFC9bDZKQX mdiCzx8+Nf9A5SwUik09wF8uKzmahg4BssHGK/NYYiw6E5Pyy61pvOVpdzs2WOgR wmlcrhLmbmVXZVSY+DOeSx1pxzNvW2QJ2qqcO4dwkCPrRZ4NDLNyof1XTpSBQxZ4 DsXwB0Rcv+QKv2gRBbXrZP0Sn4xucs3sWg5QCgTP0U/C4I19TxRoTxKFt3OX4dHw 7INS9hmYD9e2SaXy+LxA =ia4l -----END PGP SIGNATURE-----