Blog & News

The cPanel team has updated several RPMs for EasyApache 4 with various PHP versions. This release addresses vulnerabilities related to CVE-2018-19518 and CVE-2018-19935. All PHP users are strongly recommended to update their systems to the newest version of their PHP. Unless you have enabled automatic RPM updates as a cron job, please update your system with either yum update or WHM’s Run System Update interface.

Affected Versions

• All versions of PHP 5.6 through 5.6.38
• All versions of PHP 7.0 through 7.0.32
• All versions of PHP 7.1 through 7.1.24
• All versions of PHP 7.2 through 7.2.12

Security Rating

The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2018-19518 – MEDIUM

• PHP 5.6.39 - Fixed bug in IMAP module related to CVE-2018-19518
• PHP 7.0.33 - Fixed bug in IMAP module related to CVE-2018-19518
• PHP 7.1.25 - Fixed bug in IMAP module related to CVE-2018-19518
• PHP 7.2.13 - Fixed bug in IMAP module related to CVE-2018-19518

CVE-2018-19935 – MEDIUM

• PHP 5.6.39 - Fixed bug in IMAP module related to CVE-2018-19935
• PHP 7.0.33 - Fixed bug in IMAP module related to CVE-2018-19935