-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 SUMMARY cPanel, L.L.C. has updated packages for EasyApache 4 with PHP versions 7.4.30, 8.0.20, and 8.1.7 and Apache version 2.4.54. This release addresses vulnerabilities related to CVE-2022-26377, CVE-2022-28330, CVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-30522, CVE-2022-30556, CVE-2022-31813, CVE-2022-31626, and CVE-2022-31625. We strongly encourage all PHP 7.4 users to update to version 7.4.30, all PHP 8.0 users to update to version 8.0.20, all PHP 8.1 users to update to version 8.1.7, and all Apache users to update to version 2.4.54. AFFECTED VERSIONS All versions of PHP 7.4 through 7.4.29. All versions of PHP 8.0 through 8.0.19. All versions of PHP 8.1 through 8.1.6. All versions of Apache through 2.4.53. SECURITY RATING The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs: CVE-2022-26377 - MEDIUM Apache 2.4.54 Fixed vulnerability in the mod_proxy_ajp module related to CVE-2022-26377. CVE-2022-28330 - MEDIUM Apache 2.4.54 Fixed vulnerability in the mod_isapi module related to CVE-2022-28330. CVE-2022-28614 - MEDIUM Apache 2.4.54 Fixed vulnerability related to CVE-2022-28614. CVE-2022-28615 - MEDIUM Apache 2.4.54 Fixed vulnerability related to CVE-2022-28615. CVE-2022-29404 - MEDIUM Apache 2.4.54 Fixed vulnerability in the mod_lua module related to CVE-2022-29404. CVE-2022-30522 - MEDIUM Apache 2.4.54 Fixed vulnerability in the mod_sed module related to CVE-2022-30522. CVE-2022-30556 - MEDIUM Apache 2.4.54 Fixed vulnerability in the mod_lua module related to CVE-2022-30556. CVE-2022-31813 - MEDIUM Apache 2.4.54 Fixed vulnerability in the mod_proxy module related to CVE-2022-31813. CVE-2022-31626 - MEDIUM PHP 7.4.30 Fixed vulnerability related to CVE-2022-31626. PHP 8.0.20 Fixed vulnerability related to CVE-2022-31626. PHP 8.1.7 Fixed vulnerability related to CVE-2022-31626. CVE-2022-31625 - MEDIUM PHP 7.4.30 Fixed vulnerability related to CVE-2022-31625. PHP 8.0.20 Fixed vulnerability related to CVE-2022-31625. PHP 8.1.7 Fixed vulnerability related to CVE-2022-31625. SOLUTION cPanel, L.L.C. has released updated packages for EasyApache 4 on June 15, 2022, with PHP versions 7.4.30, 8.0.20, 8.1.7 and Apache version 2.4.54. Unless you have enabled automatic package updates in your cron, update your system with either your package manager or WHM's Run System Update interface. REFERENCES https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26377 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28330 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28614 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28615 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29404 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30522 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30556 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31813 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31626 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31625 https://www.php.net/ChangeLog-7.php#7.4.30 https://www.php.net/ChangeLog-8.php#8.0.20 https://www.php.net/ChangeLog-8.php#8.1.7 https://downloads.apache.org/httpd/CHANGES_2.4.54 -----BEGIN PGP SIGNATURE----- iQJIBAEBCAAyFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAmKqELgUHHNlY3VyaXR5 QGNwYW5lbC5uZXQACgkQlSG+3KvZTd9Z2A//WHl1MwEtOozQHmJyuOoSlomOx5eQ RKoQ041L7C8D30TNDYYk9eODjlLtbv7/DJcsiBCxtwRl2nOM7xJzV1M3TVUc2Iqj ZQhrI7l6LNCRJlLKBRjBOqDlGnkY7Fq/X17LAZ7zVGJ3J0AEDZD1yxwFWyns2TPc Z+UWs7FFOWYbWp3qHXJ3pUiur/jAgLdaO8VB9/pblaYglv3sGb1g7GOz5dvCQ2/W xtYqxTR3z58po3yXAyZfj9UTPst/aAwS1gTnkT3M1eZi1eWy0t2sm+kQ/cAQMV2C FTqwcnqcGh/ewm+mV9AlYlTwNBo1Xej2bW6bREZsBuEGy+dgbw5oisjqJz1jaIjs d/mtgLTeS5y5Mulex1XZzg4qZhJnBx3MWWM3Z+jsaSQiyoFsxkqoUjR5okaIarql 8FWgafV7UmmkIFmUuYlEicIwLjRDdJ054JQj5oVELxCCuFhWImf5mtlwO6v7zdUt NVd3CTTO8+m0xvw9ObaXgzyJLZPZmh1SWSBBjXdDdToVFTE3vGWBpMovDKX28ERI u4zSpYY5gbt30kizBbmP0ISOhZqFBLRus4jpeTV0qch+KqnM/l+9IAX5QS+R1WIu 1pnJtkFyUtad/QP2jJIjn3jh6RKUmYHbYVG9ppmejSPt3IQCYZHusolo1DDMhjLg ib0wWvRBw0gzvLo= =9SjU -----END PGP SIGNATURE-----