Administrator Posted August 26, 2013 Share Posted August 26, 2013 SUMMARY The PHP development team announces the immediate availability of PHP 5.4.19 and PHP 5.5.3. These releases fix a bug in the patch for CVE-2013-4248 in the OpenSSL module and a compile failure with ZTS enabled in PHP 5.4. All PHP users are encouraged to upgrade to either PHP 5.5.3 or PHP 5.4.19. cPanel has released EasyApache 3.22.7 with PHP 5.5.3 and 5.4.19 to address this issue. AFFECTED VERSIONS All versions of PHP5.5 before 5.5.3 and PHP5.4 before 5.4.19. SECURITY RATING The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs: CVE-2013-4248 – MEDIUM PHP 5.5.3 Fixed UMR (Unitialized Memory Read) bug in the original fix for CVE-2013-4248. PHP 5.4.19 Fixed UMR (Unitialized Memory Read) bug in the original fix for CVE-2013-4248. SOLUTION cPanel, Inc. has released EasyApache 3.22.7 with updated versions of PHP5.4 and PHP5.5 to correct these issues. Unless EasyApache updates are disabled on your system, the latest version of EasyApache will be used whenever EasyApache is run. For the PGP signed message, please go here. View the full article Link to comment Share on other sites More sharing options...
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!Register a new account
Already have an account? Sign in here.Sign In Now