cPanel has declared the release of EasyApache 4 July 15. Through the latest release cPanel updated the PHP versions 7.4.8, 7.3.20, and 7.2.32 and Tomcat version 8.5.57. The latest release of EasyApache addresses bugs and vulnerabilities associated with CVE-2020-8169, CVE-2020-13934, and CVE-2020-13935.
July 15 update
cPanel suggests each and every PHP 7.4 users update
to version 7.4.8, all PHP 7.3 users to update to version 7.3.20, all PHP 7.2 users to update to version 7.2.32, and furthermore, each and every Tomcat users to update to version 8.5.57. The new update cPanel brings the following changes:
ea-libicu
- EA-9155: Updated ea-libicu to 67.1, drop 66.
ea-freetds
- EA-9148: Updated ea-freetds to 1.2.3, drop 1.1.24.
ea-php74
- EA-9150: Updated ea-php74 to 7.4.8, drop 7.4.7 (through the fix for Windows users in CVE-2020-8169)
ea-php74-meta
- EA-9150: Updated ea-php74 to 7.4.8, drop 7.4.7 (through the fix for Windows users in CVE-2020-8169).
scl-php72
- EA-9152: Updated scl-php72 to 7.2.32, drop 7.2.31 (through the fix for Windows users in CVE-2020-8169).
scl-php72-meta
- EA-9152: Updated scl-php72 to 7.2.32, drop 7.2.31 (through the fix for Windows users in CVE-2020-8169).
scl-php73
- EA-9153: Updated scl-php73 to 7.3.20, drop 7.3.19 (through the fix for Windows users in CVE-2020-8169).
scl-php73-meta
- EA-9153: Update scl-php73 to 7.3.20, drop 7.3.19 (through the fix for Windows users in CVE-2020-8169).
ea-tomcat85
- EA-9151: Update ea-tomcat85 to 8.5.57, drop 8.5.56 (through the fixes for CVE-2020-13935 and CVE-2020-13934).
The latest release incorporates a security patch that has been a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are covered beneath.
Every version of PHP from 7.4 to 7.4.7 is affected.
Every version of PHP from 7.3 to 7.3.19 is affected.
Every version of PHP from 7.2 to 7.2.31 is affected.
Every version of Tomcat from 8.5 to 7.5.56 is affected.
Security Rating
The National Vulnerability Database (NIST) has provided the following severity ratings to these CVEs:
CVE-2020-8169 – Medium
PHP 7.4.8
Fixed the bug associated with CVE-2020-8169.
PHP 7.3.20
Fixed the bug associated with CVE-2020-8169.
PHP 7.2.32
Fixed the bug associated withCVE-2020-8169.
CVE-2020-13934 – Medium
Tomcat 8.5.57
Fixed the bug associated with CVE-2020-13934.
CVE-2020-13935 – Medium
Tomcat 8.5.57
Fixed the bug associated with CVE-2020-13935.
Looking for more software news Stay tuned for the latest update news, subscribe to our newsletter to get the latest and regular updates.
