SUMMARY

cPanel, L.L.C. has updated packages for EasyApache 4 with APR version 1.7.2, APR-util version 1.6.3, OpenSSL version 1.1.1t, and libxml2 version 2.10.3. This release addresses vulnerabilities related to CVE-2022-24963, CVE-2021-35940, CVE-2022-25147, CVE-2022-4304, CVE-2023-0215, CVE-2022-4450, CVE-2023-0286, CVE-2022-23308, CVE-2022-29824, CVE-2022-2309, CVE-2022-40304, and CVE-2022-40303. We strongly encourage all APR users to upgrade to version 1.7.2, all APR-util users to upgrade to version 1.6.3, all OpenSSL users to upgrade to version 1.1.1t, and all libxml2 users to upgrade to version 2.10.3.

AFFECTED VERSIONS

All versions of APR through 1.7.0.
All versions of APR-util through 1.6.1.
All versions of OpenSSL through 1.1.1s.
All versions of libxml2 through 2.10.2.

SECURITY RATING

The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2022-24963 - CRITICAL

APR 1.7.2
Fixed vulnerability related to CVE-2022-24963

CVE-2021-35940 - HIGH

APR 1.7.2
Fixed vulnerability related to CVE-2021-35940

CVE-2022-25147 - CRITICAL

APR-util 1.6.3
Fixed vulnerability related to CVE-2022-25147

CVE-2022-4304 - MEDIUM

OpenSSL 1.1.1t
Fixed vulnerability related to CVE-2022-4304

CVE-2023-0215 - MEDIUM

OpenSSL 1.1.1t
Fixed vulnerability related to CVE-2023-0215

CVE-2022-4450 - MEDIUM

OpenSSL 1.1.1t
Fixed vulnerability related to CVE-2022-4450

CVE-2023-0286 - MEDIUM

OpenSSL 1.1.1t
Fixed vulnerability related to CVE-2023-0286

CVE-2022-23308 - HIGH

libxml2 2.10.3
Fixed vulnerability related to CVE-2022-23308

CVE-2022-29824 - MEDIUM

libxml2 2.10.3
Fixed vulnerability related to CVE-2022-29824

CVE-2022-2309 - HIGH

libxml2 2.10.3
Fixed vulnerability related to CVE-2022-2309

CVE-2022-40304 - HIGH

libxml2 2.10.3
Fixed vulnerability related to CVE-2022-40304

CVE-2022-40303 - HIGH

libxml2 2.10.3
Fixed vulnerability related to CVE-2022-40303

SOLUTION

cPanel, L.L.C. has released updated packages for EasyApache 4 on February 9, 2023, with APR version 1.7.2, APR-util version 1.6.3, OpenSSL version 1.1.1t, and libxml2 version 2.10.3. Unless you have enabled automatic package updates in your cron, update your system with either your package manager or WHM's Run System Update interface.

REFERENCES

https://www.cve.org/CVERecord?id=CVE-2022-24963
https://www.cve.org/CVERecord?id=CVE-2021-35940
https://www.cve.org/CVERecord?id=CVE-2022-25147
https://www.cve.org/CVERecord?id=CVE-2022-4304
https://www.cve.org/CVERecord?id=CVE-2023-0215
https://www.cve.org/CVERecord?id=CVE-2022-4450
https://www.cve.org/CVERecord?id=CVE-2023-0286
https://www.cve.org/CVERecord?id=CVE-2022-23308
https://www.cve.org/CVERecord?id=CVE-2022-29824
https://www.cve.org/CVERecord?id=CVE-2022-2309
https://www.cve.org/CVERecord?id=CVE-2022-40304
https://www.cve.org/CVERecord?id=CVE-2022-40303
https://downloads.apache.org/apr/CHANGES-APR-1.7
https://downloads.apache.org/apr/CHANGES-APR-UTIL-1.6
https://www.openssl.org/news/openssl-1.1.1-notes.html
https://gitlab.gnome.org/GNOME/libxml2/-/releases
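
As an added example (not part of cPanel's advisory), this Python code classifies an installed upstream version against the AFFECTED VERSIONS bounds and the fixed versions named above, handling OpenSSL's letter suffix and multi-digit fields such as libxml2 2.9.14 versus 2.10.2. The function names and the sample inventory are assumptions made for illustration; collecting versions from a host is left out.

```python
import re

# (last affected version, fixed version) per component, as stated in the advisory.
ADVISORY = {
    "APR": ("1.7.0", "1.7.2"),
    "APR-util": ("1.6.1", "1.6.3"),
    "OpenSSL": ("1.1.1s", "1.1.1t"),
    "libxml2": ("2.10.2", "2.10.3"),
}

# Dotted numeric fields plus an optional OpenSSL-style letter suffix; anything
# after that (for example a package release such as "-1") is ignored.
_VERSION = re.compile(r"(\d+(?:\.\d+)*)([a-z]*)")


def version_key(version):
    """Return a key that orders upstream versions correctly."""
    match = _VERSION.match(version.strip())
    if match is None:
        raise ValueError(f"unparseable version: {version!r}")
    numbers = tuple(int(field) for field in match.group(1).split("."))
    letters = match.group(2)
    # Fields compare as integers (2.9.14 < 2.10.2); no letter sorts before "a".
    return numbers, len(letters), letters


def classify(component, installed):
    """Return 'affected', 'fixed', or 'unlisted' for one installed version."""
    last_affected, fixed = ADVISORY[component]
    key = version_key(installed)
    if key <= version_key(last_affected):
        return "affected"
    if key >= version_key(fixed):
        return "fixed"
    return "unlisted"  # between the bounds; the advisory does not say


# Constructed sample inventory, not taken from a real host.
SAMPLE = [
    ("APR", "1.7.0-5"), ("APR-util", "1.6.2"), ("OpenSSL", "1.1.1s"),
    ("OpenSSL", "1.1.1t-1"), ("libxml2", "2.9.14"), ("libxml2", "2.10.3"),
]

if __name__ == "__main__":
    for component, version in SAMPLE:
        print(f"{component:9} {version:9} {classify(component, version)}")
```

A distribution package can carry backported fixes under an older upstream version string, so an "affected" result is a prompt to check the package changelog rather than a final verdict.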