The PHP development team announces the immediate availability of PHP 5.4.19 and PHP 5.5.3. These releases fix a bug in the patch for CVE-2013-4248 in the OpenSSL module and a compile failure with ZTS enabled in PHP 5.4. All PHP users are encouraged to upgrade to either PHP 5.5.3 or PHP 5.4.19. cPanel has released EasyApache 3.22.7 with PHP 5.5.3 and 5.4.19 to address this issue.
All versions of PHP5.5 before 5.5.3 and PHP5.4 before 5.4.19.
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
CVE-2013-4248 – MEDIUM
PHP 5.5.3
Fixed UMR (Unitialized Memory Read) bug in the original fix for CVE-2013-4248.
PHP 5.4.19
Fixed UMR (Unitialized Memory Read) bug in the original fix for CVE-2013-4248.
cPanel, Inc. has released EasyApache 3.22.7 with updated versions of PHP5.4 and PHP5.5 to correct these issues. Unless EasyApache updates are disabled on your system, the latest version of EasyApache will be used whenever EasyApache is run.
ALPINE HOSTING
PHP was upgraded from v5.4.18 to v5.4.19 on 08-26-2013
ADDITIONAL INFORMATION
Please submit a support or service ticket with any questions regarding this update.
