-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 SUMMARY cPanel, L.L.C. has updated packages for EasyApache 4 with OpenSSL version 1.1.1o. This release addresses vulnerabilities related to CVE-2022-1473 and CVE-2022-1292. We strongly encourage all OpenSSL users to upgrade to version 1.1.1o. AFFECTED VERSIONS All versions of OpenSSL through 1.1.1n. SECURITY RATING The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs: CVE-2022-0778 - MEDIUM OpenSSL 1.1.1o Fixed vulnerability related to CVE-2022-1473. CVE-2022-0778 - MEDIUM OpenSSL 1.1.1o Fixed vulnerability related to CVE-2022-1292. SOLUTION cPanel, L.L.C. has released updated packages for EasyApache 4 on May 11, 2022, with OpenSSL version 1.1.1o. Unless you have enabled automatic package updates in your cron, update your system with either your package manager or WHM's Run System Update interface. REFERENCES https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1473 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1292 https://www.openssl.org/news/vulnerabilities-1.1.1.html -----BEGIN PGP SIGNATURE----- iQJIBAEBCAAyFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAmJ74vsUHHNlY3VyaXR5 QGNwYW5lbC5uZXQACgkQlSG+3KvZTd/GCw/+OFsZ0boD0m2Acz+uBOmip7+RkSAH W/yf9MQrLbaK++FE0CJIeSRF2LtcAa8cXIwEi4ZHvMKqQY3+0I/jisHrdjy7vToa AVvqAp8S9SADl4/2d9RHITaMSzf5aUwauvmgment294f2IkjFH3BFiWjvc5GX6gj Yn+lNtW0BArS7UZuNivB0ALJ9y5TTZ3ndj+ot5ryUz0ebs/WB+/O264PtaAUqWeI 3BOboYc4+kSavdSrGUDVIV8KX4qoeeQo3yBrhAn5ZQV8VFn/vQUXOL87BpxdYshn ifM+MHzhzB1Y/3i9rcV9DMNqRm8usepXCoLUvMpf272qtdS7NmiZo8pKfbCk+VGs 9Svd/mU8xj/iKn/QtTiu2Bav5ifDtRPVEKmIFwk+qBEixaQQYr+NKg7hsOZnXMii 7kSE2iaGDqJFwytk/zydj/LR1QuwOlB34ZSfxdsGOrIOko9zi5ByX2pG3kh8rQdm FE0tf1xPNbFaGsVcFxui1sks67vZ8+/dPj7kqFD0eAPs3K9JUnmNEFnVJumRj2L5 6rLb2Z9i6j2kdbU762EGWTnevhS4cycCeZqr5MNm9r5//lSI69bRB/6HazryLjhl WvZftLAFT+N3C3wHKGVhamzQto6JBkyxvTnB6AMG1wZSvky4D14+8v0QlTHjPHOs +9gVgJFUO6GKevc= =5xrd -----END PGP SIGNATURE-----