-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 SUMMARY cPanel, L.L.C. has released updated packages for EasyApache 4 with libcurl version 7.84.0. This release addresses vulnerabilities related to CVE-2022-32208, CVE-2022-32207, CVE-2022-32206, and CVE-2022-32205. We strongly encourage all EA4 users to update to version 7.84.0 of libcurl. AFFECTED VERSIONS All versions of libcurl through 7.83.1. SECURITY RATING The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs: CVE-2022-32208 - MEDIUM libcurl 7.84.0 Fixed vulnerability related to FTP-KRB bad-message verification CVE-2022-32207 - MEDIUM libcurl 7.84.0 Fixed vulnerability related to unpreserved file permissions CVE-2022-32206 - MEDIUM libcurl 7.84.0 Fixed vulnerability related to HTTP compression denial-of-service CVE-2022-32205 - MEDIUM Fixed vulnerability related to Set-Cookie denial-of-service SOLUTION cPanel, L.L.C. released updated packages for EasyApache 4 on June 29, 2022, with libcurl version 7.84.0. Unless you have enabled automatic package updates in your server’s cron, update your system with either its package manager or WHM's Run System Update interface. REFERENCES https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32208 https://cwe.mitre.org/data/definitions/924.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32207 https://cwe.mitre.org/data/definitions/281.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32206 https://cwe.mitre.org/data/definitions/770.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32205 https://cwe.mitre.org/data/definitions/770.html -----BEGIN PGP SIGNATURE----- iQJIBAEBCAAyFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAmK8gwkUHHNlY3VyaXR5 QGNwYW5lbC5uZXQACgkQlSG+3KvZTd+ZhA//aq7eCoqGaVGnTmpjU5693+LATQOz 2aITtvd6IfieRq5Pwm0W6JGLiiCSGuV0zCT5pPQ9GxYVoBlI4wHGM5PsTE9m8Eec AAY8nTEiTe4G0NT20ITTma8SGfo+IIU0p1tfSbwNI1sIhoxvuua3g59KtyQulFBF lf+Z4UBu9EyhmIF4aPMEqGQD/RY3Avvavj7kFK2cNhQ6mUUSbVUdOWGBA2lA8q87 Z9SMwd/unLeSzCyFMTmNR7Favcuh2NZbrgX+IwSFVMm+WwVnTbP1umKM23JNPwKt DVXp22p9IGPcezq1wmZ+1WEH97H7LUZul1hzqdYkcGTZiTHr/u6n6AWu8sDCPiCf G4DgW3Qxh7vESvlPretWyVYyeaHfvk2Oc/W0Iy5e9yyKN7CfFTikV/8SJnbeDQrp PUOYRJxMyPc2HLqq95Uts7pNvRzg4Hjo7LfPw3IICMsRHOhgKFES16SxglKcKQbo noPSrsk5ATC5aGIWqUtz83VGICJVnlDHCluZfHGVl/JVEEW5E2pMxi+JzbpOtzYI Bry2P5K4OnLxLGygFsr6LuuDOhKHtX8Euc0MZcdZI4iKPZKivWCcWB7/27IRKNLg QxM1jVz6hqEtSKMqCqDMkgXOiW22FpHd3WXrfos25rNkY98YKs+L+Ujh2/duNbk9 6o3VMpLQqNzywtw= =4kMt -----END PGP SIGNATURE-----