cPanel has announced the EasyApache 4 July 15 release. With the new release, cPanel updated PHP to versions 7.4.8, 7.3.20, and 7.2.32 and Tomcat to version 8.5.57. This release addresses vulnerabilities related to CVE-2020-8169, CVE-2020-13934 and CVE-2020-13935.
2020-7-15 update
cPanel encourages all PHP 7.4 users to upgrade to version 7.4.8, all PHP 7.3 users to upgrade to version 7.3.20, all PHP 7.2 users to upgrade to version 7.2.32, and all Tomcat users to upgrade to version 8.5.57. The update includes the changes below:
ea-libicu
- EA-9155: Update ea-libicu to 67.1, drop 66.
ea-freetds
- EA-9148: Update ea-freetds to 1.2.3, drop 1.1.24.
ea-php74
- EA-9150: Update ea-php74 to 7.4.8, drop 7.4.7 (with fix for Windows users in CVE-2020-8169).
ea-php74-meta
- EA-9150: Update ea-php74 to 7.4.8, drop 7.4.7 (with fix for Windows users in CVE-2020-8169).
scl-php72
- EA-9152: Update scl-php72 to 7.2.32, drop 7.2.31 (with fix for Windows users in CVE-2020-8169).
scl-php72-meta
- EA-9152: Update scl-php72 to 7.2.32, drop 7.2.31 (with fix for Windows users in CVE-2020-8169).
scl-php73
- EA-9153: Update scl-php73 to 7.3.20, drop 7.3.19 (with fix for Windows users in CVE-2020-8169).
scl-php73-meta
- EA-9153: Update scl-php73 to 7.3.20, drop 7.3.19 (with fix for Windows users in CVE-2020-8169).
ea-tomcat85
- EA-9151: Update ea-tomcat85 to 8.5.57, drop 8.5.56 (with fixes for CVE-2020-13935 and CVE-2020-13934).
This release includes a security patch that fixes an issue assigned a CVE (Common Vulnerabilities and Exposures) identifier, the details of which are included below.
Affected versions
All versions of PHP 7.4 through 7.4.7.
All versions of PHP 7.3 through 7.3.19.
All versions of PHP 7.2 through 7.2.31.
All versions of Tomcat 8.5 through 8.5.56.
Security Rating
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
CVE-2020-8169 – Medium
PHP 7.4.8
Fixed bug related to CVE-2020-8169.
PHP 7.3.20
Fixed bug related to CVE-2020-8169.
PHP 7.2.32
Fixed bug related to CVE-2020-8169.
CVE-2020-13934 – Medium
Tomcat 8.5.57
Fixed bug related to CVE-2020-13934.
CVE-2020-13935 – Medium
Tomcat 8.5.57
Fixed bug related to CVE-2020-13935.