
Security Advisory 2013-08-26


Administrator


SUMMARY

The PHP development team announces the immediate availability of PHP 5.4.19 and PHP 5.5.3. These releases fix a bug in the patch for CVE-2013-4248 in the OpenSSL module and a compile failure with ZTS enabled in PHP 5.4. All PHP users are encouraged to upgrade to either PHP 5.5.3 or PHP 5.4.19. cPanel has released EasyApache 3.22.7 with PHP 5.5.3 and 5.4.19 to address this issue.

AFFECTED VERSIONS

All versions of PHP 5.5 before 5.5.3 and PHP 5.4 before 5.4.19.

SECURITY RATING

The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2013-4248 – MEDIUM

PHP 5.5.3

Fixed UMR (Uninitialized Memory Read) bug in the original fix for CVE-2013-4248.

PHP 5.4.19

Fixed UMR (Uninitialized Memory Read) bug in the original fix for CVE-2013-4248.

SOLUTION

cPanel, Inc. has released EasyApache 3.22.7 with updated versions of PHP 5.4 and PHP 5.5 to correct these issues. Unless EasyApache updates are disabled on your system, the latest version of EasyApache will be used whenever EasyApache is run.

For the PGP signed message, please go here.


