cPanel, Inc. has released EasyApache 3.26.3 with PHP version 5.5.15, Libxslt version 1.1.28 and Libxml2 version 2.9.1. This release addresses PHP vulnerability CVE-2014-4670 by fixing a bug in the SPL component, CVE-2012-6139 by fixing a bug in Libxslt, and fixes bugs in Libxml2 to address the following CVEs: CVE-2012-5134, CVE-2013-0338, CVE-2013-0339, CVE-2013-1969, and CVE-2013-2877. We encourage all PHP 5.5 users to upgrade to PHP version 5.5.15, and all users to upgrade to Libxslt version 1.1.28 and Libxml2 version 2.9.1.
AFFECTED VERSIONS All versions of PHP 5.5 before 5.5.15. All versions of Libxslt before 1.1.28. All versions of Libxml2 before 2.9.1.
SECURITY RATING The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
CVE-2014-4670 - MEDIUM
PHP 5.5.15 Fixed a bug in the SPL component related to CVE-2014-4670.
CVE-2012-6139 - MEDIUM
Libxslt 1.1.28 Fixed a bug in the Libxslt library related to CVE-2012-6139.
CVE-2012-5134 - MEDIUM
Libxml2 2.9.1 Fixed an out of bound access bug in the Libxml2 library related to CVE-2012-5134.
CVE-2013-0338 - MEDIUM
Libxml2 2.9.1 Fixed a bug in the Libxml2 library related to CVE-2013-0338.
CVE-2013-0339 - MEDIUM
Libxml2 2.9.1 Fixed a bug in the Libxml2 library related to CVE-2013-0339.
CVE-2013-1969 - HIGH
Libxml2 2.9.1 Fixed buffer conversion bugs related to CVE-2013-1969.
CVE-2013-2877 - MEDIUM
Libxml2 2.9.1 Fixed a bug in the Libxml2 library related to CVE-2013-2877.
SOLUTION cPanel, Inc. has released EasyApache 3.26.3 with updated versions of PHP 5.5, Libxslt and Libxml2 to correct these issues. Unless you have disabled EasyApache updates, EasyApache updates automatically. Run EasyApache to rebuild your profile with the latest versions of PHP, Libxslt and Libxml2.
REFERENCES http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4670 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6139 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5134 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0338 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0339 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1969 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2877 http://php.net/ChangeLog-5.php#5.5.15 http://xmlsoft.org/ChangeLog.html http://xmlsoft.org/Libxslt/ChangeLog.html
|