EasyApache 3 security release for PHP 5.6.31?

Trane Francks

• July 11, 2017 21:12

Hi. As the subject line asks, will EA3 see a security update for PHP 5.6.31, which itself is a security release? I'm forced to administer a CL5 box with cPanel 56 for reasons outside of my control. I have been reluctant to attempt migrating to EA4 due to constrained resources on that system. Please advise. Thanks, trane

• 

  24x7server

  • July 12, 2017 04:06

  Hi, I think you should check the below link: Updated EasyApache 3 Deprecation Schedule | cPanel Blog The deprecation is scheduled and it is better you move to EA4 sooner..

  0
• 

  Trane Francks

  • July 12, 2017 04:19

  Hi, I think you should check the below link: Updated EasyApache 3 Deprecation Schedule | cPanel Blog The deprecation is scheduled and it is better you move to EA4 sooner..

  
  I would agree, but the information regarding the ability to migrate is mixed. Although EA4 migration appears to be an option in cPanel 56, it is my understanding that CL5 (CentOS 5) is NOT supported. As such, requiring an EA3 release seems a given. A new, CentOS 7 server migration cannot come fast enough! Cheers, trane

  0
• 

  24x7server

  • July 12, 2017 04:27

  Hi, Okay for that part, then meanwhile you are plan for new OS, if you want to run the latest version of PHP 5.6, then I would suggest you install it manually, combine it with suPHP and use it for your use as required through .htaccess and suPHP handler..

  0
• 

  Trane Francks

  • July 12, 2017 06:57

  Hi, Okay for that part, then meanwhile you are plan for new OS, if you want to run the latest version of PHP 5.6, then I would suggest you install it manually, combine it with suPHP and use it for your use as required through .htaccess and suPHP handler..

  
  Again: EA3 is not to be EOLed until 2018. As such, I would expect a security release of PHP 5.6 to trigger a security release of EA3. This is not a discussion of upgrading servers or circumventing cPanel 56 packages. It is a discussion of EA3.

  0
• 

  ThinIce

  • July 12, 2017 09:41

  Yes, I had an email as follows overnight. However, this does not show up as available on my server and I am not aware of a way to manually force the easyapache 3 script to update since it updates itself outside of upcp (afaiaa) SUMMARY cPanel, Inc. has released EasyApache 3.34.13 with PHP version 5.6.31. This release addresses vulnerabilities related to CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229, and CVE-2017-7890. We strongly encourage all PHP 5.6 users to upgrade to version 5.6.31. AFFECTED VERSIONS All versions of PHP 5.6 through version 5.6.30 SECURITY RATING The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs: CVE-2017-9224 - HIGH PHP 5.6.31 Fixed bug in mbstring extension related to CVE-2017-9224 CVE-2017-9226 - HIGH PHP 5.6.31 Fixed bug in mbstring extension related to CVE-2017-9226 CVE-2017-9227 - HIGH PHP 5.6.31 Fixed bug in mbstring extension related to CVE-2017-9227 CVE-2017-9228 - HIGH PHP 5.6.31 Fixed bug in mbstring extension related to CVE-2017-9228 CVE-2017-9229 - MEDIUM PHP 5.6.31 Fixed bug in mbstring extension related to CVE-2017-9229 CVE-2017-7890 - MEDIUM PHP 5.6.31 Fixed bug in GD module related to CVE-2017-7890 SOLUTION cPanel, Inc. has released EasyApache 3.34.13 with an updated version of PHP 5.6.31. Unless you have disabled EasyApache updates, the EasyApache application updates to the latest version when launched. Run EasyApache to rebuild your profile with the latest version of PHP. REFERENCES NVD - CVE-2017-9224 NVD - CVE-2017-9226 NVD - CVE-2017-9227 NVD - CVE-2017-9228 NVD - CVE-2017-9229 NVD - CVE-2017-7890 PHP: PHP 5 ChangeLog -----BEGIN PGP SIGNATURE----- Comment: GPGTools - GPG Suite iQIcBAEBCgAGBQJZZOCBAAoJEJUhvtyr2U3fgywQAKG1HREuG0/k7igaSruNqK/G tiE7H0u6X2jNQlymZQM/kRrKRVogLCGO9sjPjP5DkpolgIsVK/H+upr9xBwdNVQ1 yfKcaHJa5UG3zkCLt2znbCsrKMz1fv0JbXkE0CdpVumlHNE1wuWzYzBm+sphWHjJ sU0dxcvc3U9IthdgBtq55f2RqRsQXg5U6KI9Lht4wIzQzY6Di/OBEY1EYsiPHzGG rL9x6Y9IhCLJDb0htMoEk+HfLfEpAuMTGBADN196diCp4rVb/f6Zt8qA2taO9qCW dgkeqWlfhvgdfu9ZyZZhVoTmofbxKThmJM7WtUYxfzH66Qr27UltDKbHtg64+xyc NnHcOU81TWPcQVwVcygBPtHt/tiap8JgXG3eJ/EpNBTQE3AjCZtTsicrcHqu3ec/ ZZQFqjXGCeepvCLrd5Jajv0ek8rPQbFBPBigr0KFEn3dvxkyGrqGmBap0I8wGIGU tzHZ7Ur30omUZQZS93mc11TVE+X3mfFvDyXmInAN0+c7MuWpkCA4jJvcpcRuDvOc i/Bgsr+i2oLtlH1+gdG+C0mhyTzwyDe9jGX0wa7eQs4pO/MogxilKrz4Xywp6fFC zqe/lGcj7VO5IgqCjqyV0Aexy+MLkSdOmfIWGeFlYi6Rnp5UvdwrPD/WluXavlHM pansC1ubD9Ooc1MaOE9f =7y/r -----END PGP SIGNATURE-----
  

  0
• 

  ciao70

  • July 12, 2017 10:33

  @ThinIce EasyApache 4 HTTP2 Support Problem release Easy apache 3 and 4

  0
• 

  cPanelMichael

  • July 12, 2017 17:26

  As the subject line asks, will EA3 see a security update for PHP 5.6.31, which itself is a security release? I'm forced to administer a CL5 box with cPanel 56 for reasons outside of my control. I have been reluctant to attempt migrating to EA4 due to constrained on that system.

  
  Hello, Yes, an update for both EasyApache 3 and EasyApache 4 is expected later today and includes PHP version 5.6.31. You can watch the change log to see when it's published at: EasyApache Change Log - EasyApache - cPanel Documentation EasyApache 4 Change Log - EasyApache 4 - cPanel Documentation Thank you.

  0
• 

  Trane Francks

  • July 12, 2017 23:16

  Hello, Yes, an update for both EasyApache 3 and EasyApache 4 is expected later today and includes PHP version 5.6.31. You can watch the change log to see when it's published at: Thank you.

  
  Thanks. I'll keep an eye out for it. The EA4 patch has already been released. Still awaiting an updated change log for EA3.

  0
• 

  cPanelMichael

  • July 13, 2017 19:28

  Thanks. I'll keep an eye out for it. The EA4 patch has already been released. Still awaiting an updated change log for EA3.

  
  The update was released and the , , , and

  0

Please sign in to leave a comment.