Results 1 to 7 of 7
  1. #1
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,294

    cPanel EasyApache 3.22.25 Released


    SUMMARY
    cPanel, Inc. has released EasyApache 3.22.25 with PHP versions 5.3.28, 5.4.23, and 5.5.7. This release addresses PHP vulnerabilities CVE-2013-4073 and CVE-2013-6420 by fixing bugs in the OpenSSL module. We encourage all PHP users to upgrade to PHP versions 5.3.28, 5.4.23, and 5.5.7.

    AFFECTED VERSIONS
    All versions of PHP 5.3 before 5.3.28.
    All versions of PHP 5.4 before 5.4.23.
    All versions of PHP 5.5 before 5.5.7.

    SECURITY RATING
    The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

    CVE-2013-4073 MEDIUM

    PHP 5.3.28
    Fixed bug in the OpenSSL module related to CVE-2013-4073.

    CVE-2013-6420 MEDIUM

    PHP 5.3.28
    Fixed bug in the OpenSSL module related to CVE-2013-6420.

    PHP 5.4.23
    Fixed bug in the OpenSSL module related to CVE-2013-6420.

    PHP 5.5.7
    Fixed bug in the OpenSSL module related to CVE-2013-6420.

    SOLUTION
    cPanel, Inc. has released EasyApache 3.22.25 with updated versions of PHP 5.3, 5.4, and 5.5 to correct these issues. Unless you have disabled EasyApache updates, EasyApache updates automatically. Run EasyApache to rebuild your profile with the latest version of PHP.

    REFERENCES
    http://web.nvd.nist.gov/view/vuln/de...=CVE-2013-4073
    http://www.php.net/ChangeLog-5.php#5.3.28

    For the PGP-signed message, see EA3-CVE-3-22-25-signed.
    Good idea to update :-}
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  2. #2
    Join Date
    Sep 2010
    Location
    /usr/bin/fail
    Posts
    858
    Thank you for the heads up sir... Done....

  3. #3
    Join Date
    Mar 2009
    Posts
    2,735
    if i use cloudlinux cafge,should i still need run the easyapache again ?

  4. #4
    Join Date
    Jan 2006
    Location
    127.0.0.1
    Posts
    681
    Thanks for the heads up, looks like this was rolled out using cPanel's Automatic Updates however, no action required on my end.

  5. #5
    Join Date
    Mar 2009
    Posts
    2,735
    but i think cPanel's Automatic Updates will only update cpanel/whm instead of easyapache and php. correct?

  6. #6
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,294
    Quote Originally Posted by Eased View Post
    Thanks for the heads up, looks like this was rolled out using cPanel's Automatic Updates however, no action required on my end.
    You need to recompile your php to obtain the actual fix.
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  7. #7
    Join Date
    Jan 2006
    Location
    127.0.0.1
    Posts
    681
    Quote Originally Posted by Steven View Post
    You need to recompile your php to obtain the actual fix.
    Noted. Thanks!

Similar Threads

  1. EasyApache in cPanel vs CustomBuild in DirectAdmin
    By chasebug in forum Dedicated Server
    Replies: 4
    Last Post: 06-27-2011, 05:17 AM
  2. cPanel EasyApache Question
    By SajanP in forum Hosting Software and Control Panels
    Replies: 6
    Last Post: 04-12-2011, 09:27 AM
  3. how to run cPanel easyapache in the background
    By sharmaine1111 in forum Hosting Software and Control Panels
    Replies: 5
    Last Post: 03-30-2009, 12:24 AM
  4. Best Easyapache/Apache config for Cpanel
    By TheSimpleHost-Nathan in forum Hosting Security and Technology
    Replies: 1
    Last Post: 09-08-2008, 10:34 PM
  5. cPanel easyapache broken
    By webdirect in forum Hosting Security and Technology
    Replies: 3
    Last Post: 05-27-2006, 12:11 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •