SUMMARY

cPanel, L.L.C. has updated packages for EasyApache 4 with ModSecurity version 2.9.6, OWASP ModSecurity Rule Set (CRS) version 3.3.4, and Ruby version 2.7.7. This release addresses vulnerabilities related to CVE-2022-39955, CVE-2022-39956, CVE-2022-39957, CVE-2022-39958, and CVE-2021-33621. We strongly encourage all ModSecurity users to update to version 2.9.6, all OWASP CRS users to update to version 3.3.4, and all Ruby users to update to version 2.7.7.

AFFECTED VERSIONS

All versions of ModSecurity through 2.9.5.
All versions of OWASP CRS through 3.3.3.
All versions of Ruby through 2.7.6.

SECURITY RATING

The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2022-39955 - CRITICAL

OWASP CRS 3.3.4
Fixed vulnerability related to CVE-2022-39955.

CVE-2022-39956 - CRITICAL

ModSecurity 2.9.6
Fixed vulnerability related to CVE-2022-39956.

OWASP CRS 3.3.4
Fixed vulnerability related to CVE-2022-39956.

CVE-2022-39957 - HIGH

OWASP CRS 3.3.4
Fixed vulnerability related to CVE-2022-39957.

CVE-2022-39958 - HIGH

OWASP CRS 3.3.4
Fixed vulnerability related to CVE-2022-39958.

CVE-2021-33621 - HIGH

Ruby 2.7.7
Fixed vulnerability related to CVE-2021-33621.

SOLUTION

cPanel, L.L.C. has released updated packages for EasyApache 4 on December 7, 2022, with ModSecurity version 2.9.6, OWASP ModSecurity Rule Set (CRS) version 3.3.4, and Ruby version 2.7.7. Unless you have enabled automatic package updates in your cron, update your system with either your package manager or WHM's Run System Update interface.

REFERENCES

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39955
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39956
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39957
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39958
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33621
https://raw.githubusercontent.com/coreruleset/coreruleset/v3.3/master/CHANGES
https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.6
https://www.ruby-lang.org/en/news/2022/11/24/ruby-2-7-7-released/