-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

SUMMARY
cPanel, L.L.C. has updated packages for EasyApache 4 with OpenSSL version 1.1.1o. This release addresses vulnerabilities related to CVE-2022-1473 and CVE-2022-1292. We strongly encourage all OpenSSL users to upgrade to version 1.1.1o. 
 
 
AFFECTED VERSIONS
All versions of OpenSSL through 1.1.1n.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
 
CVE-2022-0778 - MEDIUM
OpenSSL 1.1.1o
Fixed vulnerability related to CVE-2022-1473.

CVE-2022-0778 - MEDIUM
OpenSSL 1.1.1o
Fixed vulnerability related to CVE-2022-1292.


SOLUTION
cPanel, L.L.C. has released updated packages for EasyApache 4 on May 11, 2022, with OpenSSL version 1.1.1o. Unless you have enabled automatic package updates in your cron, update your system with either your package manager or WHM's Run System Update interface.

 
REFERENCES
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1473
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1292
https://www.openssl.org/news/vulnerabilities-1.1.1.html



















-----BEGIN PGP SIGNATURE-----

iQJIBAEBCAAyFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAmJ74vsUHHNlY3VyaXR5
QGNwYW5lbC5uZXQACgkQlSG+3KvZTd/GCw/+OFsZ0boD0m2Acz+uBOmip7+RkSAH
W/yf9MQrLbaK++FE0CJIeSRF2LtcAa8cXIwEi4ZHvMKqQY3+0I/jisHrdjy7vToa
AVvqAp8S9SADl4/2d9RHITaMSzf5aUwauvmgment294f2IkjFH3BFiWjvc5GX6gj
Yn+lNtW0BArS7UZuNivB0ALJ9y5TTZ3ndj+ot5ryUz0ebs/WB+/O264PtaAUqWeI
3BOboYc4+kSavdSrGUDVIV8KX4qoeeQo3yBrhAn5ZQV8VFn/vQUXOL87BpxdYshn
ifM+MHzhzB1Y/3i9rcV9DMNqRm8usepXCoLUvMpf272qtdS7NmiZo8pKfbCk+VGs
9Svd/mU8xj/iKn/QtTiu2Bav5ifDtRPVEKmIFwk+qBEixaQQYr+NKg7hsOZnXMii
7kSE2iaGDqJFwytk/zydj/LR1QuwOlB34ZSfxdsGOrIOko9zi5ByX2pG3kh8rQdm
FE0tf1xPNbFaGsVcFxui1sks67vZ8+/dPj7kqFD0eAPs3K9JUnmNEFnVJumRj2L5
6rLb2Z9i6j2kdbU762EGWTnevhS4cycCeZqr5MNm9r5//lSI69bRB/6HazryLjhl
WvZftLAFT+N3C3wHKGVhamzQto6JBkyxvTnB6AMG1wZSvky4D14+8v0QlTHjPHOs
+9gVgJFUO6GKevc=
=5xrd
-----END PGP SIGNATURE-----