-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

SUMMARY
cPanel, L.L.C. has updated packages for EasyApache 4 with OpenSSL version 1.1.1n in NodeJS. This release addresses vulnerabilities related to CVE-2022-0778. We strongly encourage all NodeJS users to upgrade to version 16.14.2 and take advantage of this OpenSSL fix. 
 
 
AFFECTED VERSIONS
All versions of NodeJS through 16.14.1.
All versions of OpenSSL through 1.1.1m.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
 
CVE-2022-0778 - HIGH
OpenSSL 1.1.1n
Fixed vulnerability related to CVE-2022-0778.


SOLUTION
cPanel, L.L.C. has released updated packages for EasyApache 4 on March 23, 2022, with OpenSSL version 1.1.1n and OpenSSL version 16.14.. Unless you have enabled automatic package updates in your cron, update your system with either your package manager or WHM's Run System Update interface.

 
REFERENCES
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778
https://www.openssl.org/news/vulnerabilities-1.1.1.html
https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V16.md#16.14.2


















-----BEGIN PGP SIGNATURE-----

iQJIBAEBCAAyFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAmI7S/YUHHNlY3VyaXR5
QGNwYW5lbC5uZXQACgkQlSG+3KvZTd97BQ//Yl7cbQu/PFJutDZzNbrrKMnPUWMR
mb8pPNnFAgO0UTRUGsSE1rvYsS0E47QmCIQe/aXCjHTK6bjT740DXVKz9OvpirpE
O8J1IiZ+UGOluzQOwOP9qF5TTmH1SiRIRrzHygc9CVtuZMiTPyLgDac7pwnoHjJj
aoElsO1pzDfYGb6PfJHE7sFYABWA5TkmxoAUlVxkdr7RYfjV3WazZjFDt+jprFrI
QVJ3WZWymeQ7xFXqfmuPO7gMbBcde09X18tLJJIMD9xdXf+W8ZFZ1+KwrvjXl+Iw
G4atsQIzgqnQj/isrAv5871JA6UVnxT88dli/ocG7aZ+cI4f2E62WF0tlmimbZ6o
NU0oaTgLN9x+TT31Wb1aZYZeI3JCLQ8N/yrELVs0rcUSfyQrjb5I9lFbuBlDYb4b
Zw7y7IL69gIFErXVBw+HUWfSElEDOh+cjyzb7hBLBYicRfJ528E/vvAcHy1cbgvX
zA7pi/gp+yLcURw+FpzI1dXq7C+fvlch9WUxK8UixKi5oJzn/dVW8+cVMtk2Yg6Z
sg6S4vKUSe+az6OyC4afOHTJAc/1QElr8StykgI89yJEC4ytziYfeSRfWHXwTIjd
qWdVTCdGe9e5Yc/TbM+IN84zrQNnvWpuTL/66o3ubjFJrN+ku9nWPOs8Ljq6iPV0
7BPSR/JvP7ZDi1Q=
=aXcA
-----END PGP SIGNATURE-----