-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 SUMMARY cPanel, L.L.C. has updated packages for EasyApache 4 with PHP version 7.4.33 and ea-nodejs16 version 16.18.1. This release addresses vulnerabilities related to CVE-2022-31630, CVE-2022-37454, and CVE-2022-43548. We strongly encourage all PHP 7.4 users to update to version 7.4.33 and all ea-nodejs16 users to update to version 16.18.1. AFFECTED VERSIONS All versions of PHP 7.4 through 7.4.32. All versions of ea-nodejs16 through 16.18.0. SECURITY RATING The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs: CVE-2022-31630 - HIGH PHP 7.4.33 Fixed vulnerability related to CVE-2022-31630. CVE-2022-37454 - CRITICAL PHP 7.4.33 Fixed vulnerability related to CVE-2022-37454. CVE-2022-43548 - MEDIUM Ea-nodejs16 16.18.1 Fixed vulnerability related to CVE-2022-43548 SOLUTION cPanel, L.L.C. has released updated packages for EasyApache 4 on November 9, 2022, with PHP version 7.4.33 and ea-nodejs16 version 16.18.1. Unless you have enabled automatic package updates in your cron, update your system with either your package manager or WHM's Run System Update interface. REFERENCES https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31630 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37454 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548 https://www.php.net/ChangeLog-7.php#7.4.33 https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V16.md#16.18.1 -----BEGIN PGP SIGNATURE----- iQJIBAEBCAAyFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAmNsIHEUHHNlY3VyaXR5 QGNwYW5lbC5uZXQACgkQlSG+3KvZTd8PABAAv5ig87Np1puV1FfQPIGDuIVT6K2e HGL8AHTQTDTDF1VkbS06/YGMqBMg9ugEoBLhvqajU0xA00Gyx0du5/TMUkQ7aIA4 f4IFfgppljd4jdmasRgs+YT7isQl0qUSSVRqEZveEQjIhM6s/BA8qnKCSRfDOv8H Ms2kqQJyFx8CBKt2Iy49NwzcjOjyx12I6V5D+psS0uvaNqvr1a1ghLTy3xvvH6US vM6K2e02y2bOiw/YrWn1WXFiDrP3YJBfum3pxz5ADSt5VqZYrL92cdJJMsc321VK RHEJcBapkLV+O4w7mg5T92AxOTey45MVe+nbiQdgQbMfMzjADwdQfv+kCXv+XbTD Jdogc23ChyPPxIWTCT5xQFo7jsOM28gSGgSn0IIewFvym1BRYgYTnSN3V/rbGk1S vpuSwJyrjcK2JoI5d9k8/HdL9AMd4ydYyUMNOA29oAG1I3dMPn17LF9DSxyP4iQM P6MrHMy2bqkKFEk04ALEBspkMtweBdwk31AhXQqjsslAUlbSlvn/Tf9LIoeWuRnR uXM79fsOrBcP4yuoZ5TZmv2pkDEHcP4Kr3rcc3iLU2ofJwfTpMDqj0nUqj/FRQx/ JnUFLdXJT/p6kZjVbpljGZTrqlv6xQH2azaHV0HIdnwGFQc+HxRHrh+klfRiB3ZD JEad6oNKbuxqNGg= =qhpe -----END PGP SIGNATURE-----