-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

SUMMARY
cPanel, L.L.C. has updated packages for EasyApache 4 with PHP versions 8.1.12 and 8.0.25 and libcurl version 7.86.0. This release addresses vulnerabilities related to CVE-2022-31630, CVE-2022-37454, CVE-2022-32221, CVE-2022-35260, CVE-2022-42915 and CVE-2022-42916. We strongly encourage all PHP 8.1 users to update to version 8.1.12, all PHP 8.0 users to update to version 8.0.25, and all libcurl users to update to version 7.86.0.
 
 
AFFECTED VERSIONS
All versions of PHP 8.1 through 8.1.11.
All versions of PHP 8.0 through 8.0.24.
All versions of libcurl through 7.85.0.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
 

CVE-2022-31630 - HIGH
PHP 8.1.12
Fixed vulnerability related to CVE-2022-31630.

PHP 8.0.25
Fixed vulnerability related to CVE-2022-31630.


CVE-2022-37454 - CRITICAL
PHP 8.1.12
Fixed vulnerability related to CVE-2022-37454.

PHP 8.0.25
Fixed vulnerability related to CVE-2022-37454.


CVE-2022-32221 - MEDIUM
libcurl 7.86.0
Fixed vulnerability related to CVE-2022-32221.


CVE-2022-35260 - MEDIUM
libcurl 7.86.0
Fixed vulnerability related to CVE-2022-35260.


CVE-2022-42915 - CRITICAL
libcurl 7.86.0
Fixed vulnerability related to CVE-2022-42915.


CVE-2022-42916 - HIGH
libcurl 7.86.0
Fixed vulnerability related to CVE-2022-42916.

SOLUTION
cPanel, L.L.C. has released updated packages for EasyApache 4 on Nocember 2, 2022, with PHP versions 8.1.12 and 8.0.25, and libcurl version 7.86.0. Unless you have enabled automatic package updates in your cron, update your system with either your package manager or WHM's Run System Update interface.

 
REFERENCES
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31630
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37454
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32221
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35260
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42915
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42916
https://www.php.net/ChangeLog-8.php#8.0.25
https://www.php.net/ChangeLog-8.php#8.1.12
https://curl.se/docs/security.html



















-----BEGIN PGP SIGNATURE-----

iQJIBAEBCAAyFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAmNiqBkUHHNlY3VyaXR5
QGNwYW5lbC5uZXQACgkQlSG+3KvZTd+4GA/8DYFIEHJspRX4wMOihbd/IQUTyiI8
dDQXA72ciMPhyASJ7L1na3conUORjQ/zKiwNnYsAhxA55op8tkxe2DnBIh1pwPRU
J11Cw0FmTBLqbEiQWKnDzomXcAj7x64ITrhh5Zs7gbqbBx4k1M5SHWGq+GCtU02O
T3CckuEIBIlybrYTuci1dL4HB22KjjrmAGzaXQtYErPFFilxiUx6Ry6BHFq8N0aY
0whx1pE16Arw3ROQgc7SQOHFEb0VqxqSXhEMLItsJ9Pn3KJZDJ6SlD0QT7tEld4f
tW7wb+Q0AW6t1fXGmxPg08IT7hUhY5fxySB7C22tYjm81RSLgqtDysmh1/Nl/SOl
21kf5E5aB7duURGsl33rldnS7XIyYIzdCQWuTPAV9qZsEtLdUfxBrMSxVUYGgQ+d
zxiK+n2XaBL2LOIrWsy5kbyXEzM0ZmH3ikhtLuUWHDhwMuy+extfKBAXDgJthhyW
LkHnmVjww22ueQMQ79ezhUDHz1EQoXniEEq/cLR3zKqEDsBhKl/YCMWjmriOX88G
ZB7h3h5A0Pa1Y7yYi7aKeoG7qtKnR0gzwtBwspIJt66j7fgdLiDrzfSV87AUjg0F
DfeJ+l9sg1xLWsygVkks5bySDng+ce8vIdOW7PziA8mgx1vKxBAHw9xs1iC/YDqs
jbjouSipoNWHius=
=jcLe
-----END PGP SIGNATURE-----