-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 SUMMARY cPanel, L.L.C. has updated RPMs for EasyApache 4 with PHP versions 8.0.1, 7.4.14, and 7.3.26 and NodeJS version 10.23.1. This release addresses vulnerabilities related to CVE-2020-8265, CVE-2020-8287, CVE-2020-1971, and CVE-2020-7071. We strongly encourage all PHP 8.0 users to upgrade to version 8.0.1, all PHP 7.4 users to upgrade to version 7.4.14, all PHP 7.3 users to upgrade to version 7.3.26, and all NodeJS users to upgrade to version 10.23.1. AFFECTED VERSIONS All versions of PHP 8.0 through 8.0.0. All versions of PHP 7.4 through 7.4.13. All versions of PHP 7.3 through 7.3.25. All versions of NodeJS through 10.23.0. SECURITY RATING The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs: CVE-2020-8265 - CRITICAL NodeJS 10.23.1 Fixed bug related to CVE-2020-8265. CVE-2020-8287 - MEDIUM NodeJS 10.23.1 Fixed bug related to CVE-2020-8287. CVE-2020-1971 - MEDIUM NodeJS 10.23.1 Fixed bug related to CVE-2020-1971. CVE-2020-7071 - MEDIUM PHP 7.3.26 Fixed bug related to CVE-2020-7071. PHP 7.4.14 Fixed bug related to CVE-2020-7071. PHP 8.0.1 Fixed bug related to CVE-2020-7071. SOLUTION cPanel, L.L.C. has released updated RPMs for EasyApache 4 on January 13, 2021, with updated versions of PHP 7.3.26, 7.4.14, and 8.0.1 and NodeJS version 10.23.1. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM's Run System Update interface. REFERENCES https://nvd.nist.gov/vuln/detail/CVE-2020-8287 https://nvd.nist.gov/vuln/detail/CVE-2020-8265 https://nvd.nist.gov/vuln/detail/CVE-2020-1971 https://nvd.nist.gov/vuln/detail/CVE-2020-7071 https://www.php.net/ChangeLog-7.php https://www.php.net/ChangeLog-8.php https://nodejs.org/en/blog/release/v10.23.1/ -----BEGIN PGP SIGNATURE----- iQJIBAEBCgAyFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAl//aXwUHHNlY3VyaXR5 QGNwYW5lbC5uZXQACgkQlSG+3KvZTd/LfQ//d4POufkEE5Gr1u8/6zin2xkEc/LF ids+UUQXfD2jXUfBtUjGLOFODnuFhOULex2ORjCbxXJ2CcaHouQWeWSDRraVdhte DYe1DQr52QDkq+r38Kn7ia/5qeGqlXWtO8unTemczFRbHp+8xRRdIEfkQl8HqY73 6Maidgy67ni/e6jacoEERONHAyL+cXFzA8cDOCkrVbU4psgM/Ov7u8VkwxbQxlbf db87Jig3z24maYz/DpV9EmYLtI7PTaPCjGEKT735HB/3R6NcJMDdZcuV1kVVhSMF jN71LOuUh/SjJPfh0L2OfK2F5o1pDRxFCoj7WDngl/MTj17ciATSETLlhfElTtIs 9x3A6qMqebrmB4dSs7SjdC9IhEsZr3goBqmM6EICWS2NPRuQ9wiEHqO6J65ebGOL 1p1eP2W7ATLvURl353PjcDeReMLvHvkgB8r/s5j/KakXpKylqZOZRCXX3HB2piwe HrrcF/EALFKz2k1xiTU1Q5WizG3PPO6bBJeHdhSzRvI14Z5ovMs7aDa4oXyq+gU1 cbEsebVvXn4dLXmwPLsCKbLsnSpXPAHFt4Nu8iE12vn1ehXlqMrY7VsIlBAoShtM Z9zJOPu6DmacykKZgT8RjRmbU5/5BxHhsISNFTjqPZFuLxiWMke+ydnkwwixrFhI CElqcDYDcsE2rZE= =ooBR -----END PGP SIGNATURE-----