-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 SUMMARY cPanel, L.L.C. has updated packages for EasyApache 4 with OpenSSL version 1.1.1n in NodeJS. This release addresses vulnerabilities related to CVE-2022-0778. We strongly encourage all NodeJS users to upgrade to version 16.14.2 and take advantage of this OpenSSL fix. AFFECTED VERSIONS All versions of NodeJS through 16.14.1. All versions of OpenSSL through 1.1.1m. SECURITY RATING The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs: CVE-2022-0778 - HIGH OpenSSL 1.1.1n Fixed vulnerability related to CVE-2022-0778. SOLUTION cPanel, L.L.C. has released updated packages for EasyApache 4 on March 23, 2022, with OpenSSL version 1.1.1n and OpenSSL version 16.14.. Unless you have enabled automatic package updates in your cron, update your system with either your package manager or WHM's Run System Update interface. REFERENCES https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778 https://www.openssl.org/news/vulnerabilities-1.1.1.html https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V16.md#16.14.2 -----BEGIN PGP SIGNATURE----- iQJIBAEBCAAyFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAmI7S/YUHHNlY3VyaXR5 QGNwYW5lbC5uZXQACgkQlSG+3KvZTd97BQ//Yl7cbQu/PFJutDZzNbrrKMnPUWMR mb8pPNnFAgO0UTRUGsSE1rvYsS0E47QmCIQe/aXCjHTK6bjT740DXVKz9OvpirpE O8J1IiZ+UGOluzQOwOP9qF5TTmH1SiRIRrzHygc9CVtuZMiTPyLgDac7pwnoHjJj aoElsO1pzDfYGb6PfJHE7sFYABWA5TkmxoAUlVxkdr7RYfjV3WazZjFDt+jprFrI QVJ3WZWymeQ7xFXqfmuPO7gMbBcde09X18tLJJIMD9xdXf+W8ZFZ1+KwrvjXl+Iw G4atsQIzgqnQj/isrAv5871JA6UVnxT88dli/ocG7aZ+cI4f2E62WF0tlmimbZ6o NU0oaTgLN9x+TT31Wb1aZYZeI3JCLQ8N/yrELVs0rcUSfyQrjb5I9lFbuBlDYb4b Zw7y7IL69gIFErXVBw+HUWfSElEDOh+cjyzb7hBLBYicRfJ528E/vvAcHy1cbgvX zA7pi/gp+yLcURw+FpzI1dXq7C+fvlch9WUxK8UixKi5oJzn/dVW8+cVMtk2Yg6Z sg6S4vKUSe+az6OyC4afOHTJAc/1QElr8StykgI89yJEC4ytziYfeSRfWHXwTIjd qWdVTCdGe9e5Yc/TbM+IN84zrQNnvWpuTL/66o3ubjFJrN+ku9nWPOs8Ljq6iPV0 7BPSR/JvP7ZDi1Q= =aXcA -----END PGP SIGNATURE-----