-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

SUMMARY
cPanel, L.L.C. has updated packages for EasyApache 4 with PHP versions 8.0.26, 8.1.14, and 8.2.1. This release addresses vulnerabilities related to CVE-2022-31631. We strongly encourage all PHP 8.0 users to upgrade to version 8.0.26, all PHP 8.1 users to upgrade to version 8.1.14, and all PHP 8.2 users to update to version 8.2.1.
 
 
AFFECTED VERSIONS
All versions of PHP 8.0 through 8.0.25.
All versions of PHP 8.1 through 8.1.13.
All versions of PHP 8.2 through 8.0.0.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
 

CVE-2022-31631 - MEDIUM
PHP 8.0.26
Fixed vulnerability related to CVE-2022-31631.

PHP 8.1.14
Fixed vulnerability related toCVE-2022-31631.

PHP 8.2.1
Fixed vulnerability related to CVE-2022-31631.


SOLUTION
cPanel, L.L.C. has released updated packages for EasyApache 4 on January 11, 2023, with PHP versions 8.0.26, 8.1.14, and 8.2.1. Unless you have enabled automatic package updates in your cron, update your system with either your package manager or WHM's Run System Update interface.

 
REFERENCES
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31631
https://www.php.net/ChangeLog-8.php#8.0.27
https://www.php.net/ChangeLog-8.php#8.1.14
https://www.php.net/ChangeLog-8.php#8.2.1




















-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAmO/KgEACgkQlSG+3KvZ
Td8J9w//caoQlBMPrERjPGtjFalKOcycTGS5nlxWPFJS3PutfEImkkO17GAYrukI
yylPmynFtns5ZJb4heWYZoXmi2JBWPo13MhXQJWtbGZp1wDa0Yk/1yEa7jx+CI0F
pmxh73DyVpDMpy5r1uM3dHDFOks/Kt06JF0CMe2/4D4PHYQDe1aSPpOP3JSupdZ5
9ODhy6WAdobGMf1JGoURU2Wnm0IIY0t5SFe9YdqNau1yGxjxljbsBEbMkPf18O9K
dkxuoQ9Wf2XLWZcFelMqguuCgX7pCuabLhZBO6lTCDZcdyxykuTNRndVEg7Ivu8/
kUnD5wiEntzsmoVhhdi6LiHbMUB7TP8bGLfbkUPBBjQWvkc/yYNos0Va6vwHwi7I
6DcPH+9RYuCh4c+WjBvXATQ7vkAfqSN8jkELjR2EyAMY+7sdOXiZND5e3FCkMPai
dxPeac18GrLG1iW2rCJqAe1mCDe57bL06PTTOJI1+aX5zeEEmcjiD3ze1zMeRQN0
JqR4s4oAdhMfmXt9vFhsMTranwh96n6kuzNvl9B2gTMfoXCGeIoa/LxaE8k8sxKO
4RLbt4+yu3vsES8Zz7gXCatrTrZt+aVFTiWtofywibvHZgWuJcE5Xp2hfWZifLU+
a1IltxLZH+B3BNZ2doCzWZIZq9YkGo6+7pp3qu91q8OPJNZJKYQ=
=3WHO
-----END PGP SIGNATURE-----