-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

SUMMARY

cPanel, L.L.C. has updated packages for EasyApache 4 with PHP versions 8.0.28, 8.1.16, and 8.2.3, libcurl version 7.88.0, and ModSecurity 2.9.7. This release addresses vulnerabilities related to CVE-2023-0567, CVE-2023-0568, CVE-2023-0662, CVE-2023-23916, CVE-2023-23915, CVE-2023-23914, and CVE-2023-24021. We strongly encourage all PHP 8.0 users to upgrade to version 8.0.28, all PHP 8.1 users to upgrade to version 8.1.6, all PHP 8.2 users to upgrade to version 8.2.3,, all libcurl users to upgrade to version 7.88.0, and all ModSecurity users to upgrade to version 2.9.7.

 
AFFECTED VERSIONS
All versions of PHP 8.0 through 8.0.27.
All versions of PHP 8.1 through 8.1.15.
All versions of PHP 8.2 through 8.2.2.
All versions of libcurl through 7.87.0.
All versions of ModSecurity through 2.9.6.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
 

CVE-2023-0567 - MEDIUM
PHP 8.0.28
Fixed vulnerability related to CVE-2023-0567.

PHP 8.1.16
Fixed vulnerability related to CVE-2023-0567.

PHP 8.2.3
Fixed vulnerability related to CVE-2023-0567.

CVE-2023-0568 - MEDIUM
PHP 8.0.28
Fixed vulnerability related to CVE-2023-0568.

PHP 8.1.16
Fixed vulnerability related to CVE-2023-0568.

PHP 8.2.3
Fixed vulnerability related to CVE-2023-0568.

CVE-2023-0662 - MEDIUM
PHP 8.0.28
Fixed vulnerability related to CVE-2023-0662.

PHP 8.1.16
Fixed vulnerability related to CVE-2023-0662.

PHP 8.2.3
Fixed vulnerability related to CVE-2023-0662.


CVE-2023-23916 - MEDIUM
libcurl 7.88.0
Fixed vulnerability related to CVE-2023-23916.


CVE-2023-23915 - MEDIUM
libcurl 7.88.0
Fixed vulnerability related to CVE-2023-23915.

CVE-2023-23914 - MEDIUM
libcurl 7.88.0
Fixed vulnerability related to CVE-2023-23914.

CVE-2023-24021 - CRITICAL
ModSecurity 2.9.7
Fixed vulnerability related to CVE-2023-24021.



SOLUTION
cPanel, L.L.C. has released updated packages for EasyApache 4 on February 16, 2023, with PHP versions 8.0.28, 8.1.16, and 8.2.3, libcurl version 7.88.0, and ModSecurity 2.9.7. Unless you have enabled automatic package updates in your cron, update your system with either your package manager or WHM's Run System Update interface.

 
REFERENCES
https://www.cve.org/CVERecord?id=CVE-2023-0567
https://www.cve.org/CVERecord?id=CVE-2023-0568
https://www.cve.org/CVERecord?id=CVE-2023-0662
https://www.cve.org/CVERecord?id=CVE-2023-23916
https://www.cve.org/CVERecord?id=CVE-2023-23915
https://www.cve.org/CVERecord?id=CVE-2023-23914
https://www.cve.org/CVERecord?id=CVE-2023-24021
https://www.php.net/ChangeLog-8.php#8.2.3
https://www.php.net/ChangeLog-8.php#8.1.16
https://www.php.net/ChangeLog-8.php#8.0.28
https://curl.se/changes.html
https://github.com/SpiderLabs/ModSecurity/releases



















-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAmPunpsACgkQlSG+3KvZ
Td/AUg/+IcLsS9+y3cbAb4aYRBDBj/PZDoPTtoazjBgjJ/NIgDQs7WSbL1vOE1L4
HlJbQsepr31L8jvagiFllbEeyFuYQf5LahOI8mznApzm2nBR0IdYmTtdVThXfYbn
Wsgz184b9+n1CsfaqSWc96E+p5jD4ihBssBHOHIpKewbdcABR39f+Ud0PHHw7Z/z
+25b+H55VTJJ2PKThAa0M/heRPu4BtS6pu7Xlykg4B+UWn2uqAfWmoMCX+pPPlQO
jsgTrtw/LV+dHt/1Izs7m+eHNFlBagnwgoxX9J3m6eNhB7US/4KHbyXH927hAsI+
dT8mn9rBAhGroabwLi5uhp37byEUmmaZjm9pD6bsQgnujHUypOTgn4AfhOafmOCw
Mv2hs4YtgU9uSVYATyXPkKTk+3i2mtFGdDHdFG0A8qZY8+Yu76Fce7O7gJYSMMMG
+OD5ySdf0cHGvS89Hqd2dOxZioZlZWMmTrX/9N0GBPfE/B2xzDKFYZBJC7akBXZY
61jySYHjlKISJRgk3hMZXYkvA6v+pxPpiKn4Y7M54C/vl4I1uRkfIQbToRYSXH9T
gzJYn832J0aHVhir94Qh0UHiUgWE9FW/ji6lIIDUOO/degHrW/o/ZTm+9cR7yxus
iHke7Bqbb76Ly6Qcd99eYzoQb6tmVMXj/iWBadRSj+YAxch9Uyg=
=eLDe
-----END PGP SIGNATURE-----