-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with PHP versions 8.0.1, 7.4.14, and 7.3.26 and NodeJS version 10.23.1. This release addresses vulnerabilities related to CVE-2020-8265, CVE-2020-8287, CVE-2020-1971, and CVE-2020-7071. We strongly encourage all PHP 8.0 users to upgrade to version 8.0.1, all PHP 7.4 users to upgrade to version 7.4.14, all PHP 7.3 users to upgrade to version 7.3.26, and all NodeJS users to upgrade to version 10.23.1.
 
 
AFFECTED VERSIONS
All versions of PHP 8.0 through 8.0.0.
All versions of PHP 7.4 through 7.4.13.
All versions of PHP 7.3 through 7.3.25.
All versions of NodeJS through 10.23.0.

 
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
 

CVE-2020-8265 - CRITICAL
NodeJS 10.23.1
Fixed bug related to CVE-2020-8265.


CVE-2020-8287 - MEDIUM
NodeJS 10.23.1
Fixed bug related to CVE-2020-8287.


CVE-2020-1971 - MEDIUM
NodeJS 10.23.1
Fixed bug related to CVE-2020-1971.


CVE-2020-7071 - MEDIUM
PHP 7.3.26
Fixed bug related to CVE-2020-7071.

PHP 7.4.14
Fixed bug related to CVE-2020-7071.

PHP 8.0.1
Fixed bug related to CVE-2020-7071.


SOLUTION
cPanel, L.L.C. has released updated RPMs for EasyApache 4 on January 13, 2021, with updated versions of PHP  7.3.26, 7.4.14, and 8.0.1 and NodeJS version 10.23.1. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM's Run System Update interface.

 
REFERENCES
https://nvd.nist.gov/vuln/detail/CVE-2020-8287
https://nvd.nist.gov/vuln/detail/CVE-2020-8265
https://nvd.nist.gov/vuln/detail/CVE-2020-1971
https://nvd.nist.gov/vuln/detail/CVE-2020-7071
https://www.php.net/ChangeLog-7.php
https://www.php.net/ChangeLog-8.php
https://nodejs.org/en/blog/release/v10.23.1/












-----BEGIN PGP SIGNATURE-----

iQJIBAEBCgAyFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAl//aXwUHHNlY3VyaXR5
QGNwYW5lbC5uZXQACgkQlSG+3KvZTd/LfQ//d4POufkEE5Gr1u8/6zin2xkEc/LF
ids+UUQXfD2jXUfBtUjGLOFODnuFhOULex2ORjCbxXJ2CcaHouQWeWSDRraVdhte
DYe1DQr52QDkq+r38Kn7ia/5qeGqlXWtO8unTemczFRbHp+8xRRdIEfkQl8HqY73
6Maidgy67ni/e6jacoEERONHAyL+cXFzA8cDOCkrVbU4psgM/Ov7u8VkwxbQxlbf
db87Jig3z24maYz/DpV9EmYLtI7PTaPCjGEKT735HB/3R6NcJMDdZcuV1kVVhSMF
jN71LOuUh/SjJPfh0L2OfK2F5o1pDRxFCoj7WDngl/MTj17ciATSETLlhfElTtIs
9x3A6qMqebrmB4dSs7SjdC9IhEsZr3goBqmM6EICWS2NPRuQ9wiEHqO6J65ebGOL
1p1eP2W7ATLvURl353PjcDeReMLvHvkgB8r/s5j/KakXpKylqZOZRCXX3HB2piwe
HrrcF/EALFKz2k1xiTU1Q5WizG3PPO6bBJeHdhSzRvI14Z5ovMs7aDa4oXyq+gU1
cbEsebVvXn4dLXmwPLsCKbLsnSpXPAHFt4Nu8iE12vn1ehXlqMrY7VsIlBAoShtM
Z9zJOPu6DmacykKZgT8RjRmbU5/5BxHhsISNFTjqPZFuLxiWMke+ydnkwwixrFhI
CElqcDYDcsE2rZE=
=ooBR
-----END PGP SIGNATURE-----