Hash: SHA512
SUMMARY
cPanel, Inc. has released updated RPMs for EasyApache 4 on January 24, 2017, with PHP version 5.6.30, 7.0.15, and 7.1.1. This release addresses vulnerabilities related to CVE-2017-5350. We strongly encourage all PHP 5.6 users to upgrade to version 5.6.30, all PHP 7.0 users to upgrade to version 7.0.15, and all PHP 7.1 users to upgrade to version 7.1.1.
AFFECTED VERSIONS
All versions of PHP 7.0 through 7.0.14
All versions of PHP 7.1 through 7.1.0
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
CVE-2017-5350 - MEDIUM
PHP 7.0.15
Fixed bug related to CVE-2017-5350
PHP 7.1.0
Fixed bug related to CVE-2017-5350
SOLUTION
cPanel, Inc. has released updated RPMs for EasyApache 4 on January 5, 2017, with a updated versions of PHP 5.6, 7.0, and 7.1. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM's Run System Update interface.
REFERENCES
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5350
http://www.php.net/ChangeLog-7.php
http://www.php.net/ChangeLog-5.php