-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

SUMMARY
cPanel, L.L.C. has updated packages for EasyApache 4 with libcurl version 7.87.0. This release addresses vulnerabilities related to CVE-2022-43551 and CVE-2022-43552. We strongly encourage all libcurl users to update to version 7.87.0.
 
 
AFFECTED VERSIONS
All versions of libcurl through 7.86.0.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
 

CVE-2022-43551 - MEDIUM
libcurl 7.87.0
Fixed vulnerability related to CVE-2022-43551.

CVE-2022-43552 - MEDIUM
libcurl 7.87.0
Fixed vulnerability related to CVE-2022-43552.


SOLUTION
cPanel, L.L.C. has released updated packages for EasyApache 4 on January 4, 2023, with libcurl version 7.87.0. Unless you have enabled automatic package updates in your cron, update your system with either your package manager or WHM's Run System Update interface.

 
REFERENCES
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43551
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43552
https://curl.se/changes.html



















-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAmO12AEACgkQlSG+3KvZ
Td/HDg//TUv6ZucQYdbKq3DWewUTTPMpCc1pDv77NJYll3bR4s6ZqnwR/7W0sWUz
zXf5QD/augsPIJ4d0Ad/jYPjwkYpf/jOaBl1a9jm/subM8j9Tew205fO4rs4ije2
9WbmhHUcY2oAEQ+a27xAWBEmcWSTxhMG7O3/sipQ51d3k8Y/uqTIIFhlyc9jnj+3
VVAqGqs9k0Z3++55CmIo9vdrtsKF+IDMgzYwC8j8JvK/m/IvxF15Q9vgEkCu3IiB
bcXNTrKDXW7SxMHAHwYgq0xJQ5HPBdO6FSRrPXCAMSCFRPlREAD5wWPcsWBqgvg7
PECc5LBJNtmdjASphmZSo6ppSiauw6oCrPOlb1CXv6U4Ie44pB2W7b6ZPNdhbwza
maHKX2yFouq7Hmad7bZUBb2nwArqgCio/FNbRFs72YVa1LtrXxetP11zP9iaU64s
cxQdDfLu9ag9fLZX98MrqpIe8DNyPOnCXrjxq/YzbuXzMz2mu/ZpovaPhLRQSChj
ThEroozOktLQdfAOrLVzF3JPPOgnfc0y0fxTc2sb2XurtKZkNzmaFfjHG5BAd7O1
6v8qhKi/v3+6cAIT62IaosdCLUk5kLEPG8E+85GIJpd1NefHkFVWLHFfmiW1G9NU
XFJCpPeTguXjvZS9yB5OdH2EuL9YeMCr+koW4zFBpzyDuGGoat4=
=Q1qV
-----END PGP SIGNATURE-----