-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

SUMMARY
cPanel, L.L.C. has updated packages for EasyApache 4 with PHP version 7.4.33 and ea-nodejs16 version 16.18.1. This release addresses vulnerabilities related to CVE-2022-31630, CVE-2022-37454, and CVE-2022-43548. We strongly encourage all PHP 7.4 users to update to version 7.4.33 and all ea-nodejs16 users to update to version 16.18.1.
 
 
AFFECTED VERSIONS
All versions of PHP 7.4 through 7.4.32.
All versions of ea-nodejs16 through 16.18.0.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
 

CVE-2022-31630 - HIGH
PHP 7.4.33
Fixed vulnerability related to CVE-2022-31630.

CVE-2022-37454 - CRITICAL
PHP 7.4.33
Fixed vulnerability related to CVE-2022-37454.


CVE-2022-43548 - MEDIUM
Ea-nodejs16 16.18.1
Fixed vulnerability related to CVE-2022-43548

SOLUTION
cPanel, L.L.C. has released updated packages for EasyApache 4 on November 9, 2022, with PHP version 7.4.33 and ea-nodejs16 version 16.18.1. Unless you have enabled automatic package updates in your cron, update your system with either your package manager or WHM's Run System Update interface.

 
REFERENCES
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31630
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37454
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548
https://www.php.net/ChangeLog-7.php#7.4.33
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V16.md#16.18.1


















-----BEGIN PGP SIGNATURE-----

iQJIBAEBCAAyFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAmNsIHEUHHNlY3VyaXR5
QGNwYW5lbC5uZXQACgkQlSG+3KvZTd8PABAAv5ig87Np1puV1FfQPIGDuIVT6K2e
HGL8AHTQTDTDF1VkbS06/YGMqBMg9ugEoBLhvqajU0xA00Gyx0du5/TMUkQ7aIA4
f4IFfgppljd4jdmasRgs+YT7isQl0qUSSVRqEZveEQjIhM6s/BA8qnKCSRfDOv8H
Ms2kqQJyFx8CBKt2Iy49NwzcjOjyx12I6V5D+psS0uvaNqvr1a1ghLTy3xvvH6US
vM6K2e02y2bOiw/YrWn1WXFiDrP3YJBfum3pxz5ADSt5VqZYrL92cdJJMsc321VK
RHEJcBapkLV+O4w7mg5T92AxOTey45MVe+nbiQdgQbMfMzjADwdQfv+kCXv+XbTD
Jdogc23ChyPPxIWTCT5xQFo7jsOM28gSGgSn0IIewFvym1BRYgYTnSN3V/rbGk1S
vpuSwJyrjcK2JoI5d9k8/HdL9AMd4ydYyUMNOA29oAG1I3dMPn17LF9DSxyP4iQM
P6MrHMy2bqkKFEk04ALEBspkMtweBdwk31AhXQqjsslAUlbSlvn/Tf9LIoeWuRnR
uXM79fsOrBcP4yuoZ5TZmv2pkDEHcP4Kr3rcc3iLU2ofJwfTpMDqj0nUqj/FRQx/
JnUFLdXJT/p6kZjVbpljGZTrqlv6xQH2azaHV0HIdnwGFQc+HxRHrh+klfRiB3ZD
JEad6oNKbuxqNGg=
=qhpe
-----END PGP SIGNATURE-----