-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

SUMMARY
cPanel, L.L.C. has released updated packages for EasyApache 4 with libcurl version 7.84.0. This release addresses vulnerabilities related to CVE-2022-32208, CVE-2022-32207, CVE-2022-32206, and CVE-2022-32205. We strongly encourage all EA4 users to update to version 7.84.0 of libcurl.
 
 
AFFECTED VERSIONS
All versions of libcurl through 7.83.1.


SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2022-32208 - MEDIUM
libcurl 7.84.0
Fixed vulnerability related to FTP-KRB bad-message verification

CVE-2022-32207 - MEDIUM
libcurl 7.84.0
Fixed vulnerability related to unpreserved file permissions

CVE-2022-32206 - MEDIUM
libcurl 7.84.0
Fixed vulnerability related to HTTP compression denial-of-service

CVE-2022-32205 - MEDIUM
Fixed vulnerability related to Set-Cookie denial-of-service


SOLUTION
cPanel, L.L.C. released updated packages for EasyApache 4 on June 29, 2022, with libcurl version 7.84.0. Unless you have enabled automatic package updates in your server’s cron, update your system with either its package manager or WHM's Run System Update interface.

 
REFERENCES
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32208
https://cwe.mitre.org/data/definitions/924.html

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32207
https://cwe.mitre.org/data/definitions/281.html

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32206
https://cwe.mitre.org/data/definitions/770.html

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32205
https://cwe.mitre.org/data/definitions/770.html
-----BEGIN PGP SIGNATURE-----

iQJIBAEBCAAyFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAmK8gwkUHHNlY3VyaXR5
QGNwYW5lbC5uZXQACgkQlSG+3KvZTd+ZhA//aq7eCoqGaVGnTmpjU5693+LATQOz
2aITtvd6IfieRq5Pwm0W6JGLiiCSGuV0zCT5pPQ9GxYVoBlI4wHGM5PsTE9m8Eec
AAY8nTEiTe4G0NT20ITTma8SGfo+IIU0p1tfSbwNI1sIhoxvuua3g59KtyQulFBF
lf+Z4UBu9EyhmIF4aPMEqGQD/RY3Avvavj7kFK2cNhQ6mUUSbVUdOWGBA2lA8q87
Z9SMwd/unLeSzCyFMTmNR7Favcuh2NZbrgX+IwSFVMm+WwVnTbP1umKM23JNPwKt
DVXp22p9IGPcezq1wmZ+1WEH97H7LUZul1hzqdYkcGTZiTHr/u6n6AWu8sDCPiCf
G4DgW3Qxh7vESvlPretWyVYyeaHfvk2Oc/W0Iy5e9yyKN7CfFTikV/8SJnbeDQrp
PUOYRJxMyPc2HLqq95Uts7pNvRzg4Hjo7LfPw3IICMsRHOhgKFES16SxglKcKQbo
noPSrsk5ATC5aGIWqUtz83VGICJVnlDHCluZfHGVl/JVEEW5E2pMxi+JzbpOtzYI
Bry2P5K4OnLxLGygFsr6LuuDOhKHtX8Euc0MZcdZI4iKPZKivWCcWB7/27IRKNLg
QxM1jVz6hqEtSKMqCqDMkgXOiW22FpHd3WXrfos25rNkY98YKs+L+Ujh2/duNbk9
6o3VMpLQqNzywtw=
=4kMt
-----END PGP SIGNATURE-----