-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

SUMMARY

cPanel, L.L.C. has updated packages for EasyApache 4 with Apache version 2.4.56. This release addresses vulnerabilities related to CVE-2023-27522 and CVE-2023-25690. We strongly encourage all Apache users to upgrade to version 2.4.56.

 
AFFECTED VERSIONS
All versions of Apache through 2.4.55.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
 

CVE-2023-27522 - MEDIUM
Apache 2.4.56
Fixed vulnerability related to CVE-2023-27522.

CVE-2023-25690 - MEDIUM
Apache 2.4.56
Fixed vulnerability related to CVE-2023-25690.


SOLUTION
cPanel, L.L.C. has released updated packages for EasyApache 4 on March 8, 2023, with Apache version 2.4.56. Unless you have enabled automatic package updates in your cron, update your system with either your package manager or WHM's Run System Update interface.

 
REFERENCES
https://www.cve.org/CVERecord?id=CVE-2023-27522
https://www.cve.org/CVERecord?id=CVE-2023-25690
https://downloads.apache.org/httpd/CHANGES_2.4.56



















-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAmQI4xEACgkQlSG+3KvZ
Td9+pRAA1FWn4WqOQQtdcMryElCbm8d4xYtdTCSb5AeXeMvPWWweeErf02auqXe3
RciP5iZdXcmWRoTv9Omd07aLXkcBORImtyR1u3s+xmkV5XDYsbX3v0AtdJsNUJx4
iJ7SYM2xyAWrJiPG6g4zHZxwU6Gdhu57SBG49TwYurE5uM0d8RoadYyCSF6InMUO
pdufIEgqPZylDk4NfLRXFJA+JY5hKfGZKzMDFZZTg8tQ1wZPP3xJVmYQfAhmXP18
PrS2eMKXBPX9Fi51xypBEyI/34awn2f1CzG4/Nu3DXgBk2n8y1onrt8qCkBp0L9D
VSwNHiMs68PFa9fGjhAE/lLyO6Y8SGjiXY+/9cyq7b5xObog9JoUgrPCYDBETsGy
OeeFN8yquuBGEwsxADYtZfBk1CR65b6y/k3jpdOauCH6b11DNIICqa+vElOlLBin
NOXgzz4c3CC7gC0koy649A/K4wheDD4lwYy3qGzO4Q6YpAyegcSoaWub9mdf6WWQ
nSvUVU3OKg+0a7nTV78WzCKZV9qyfYZxszDIuZcL6sXntjdKP8qf8HfTKOg2EVd3
heohOoUI+BSowKKNHtRH0sYPYG7TGLKdoMbA15Po1tBsl9Zog61Pf1muEY4Vr58H
UnluMNOEF65NZSbn1AhJpAppPGG7PY4OigudwpLPLG6grwJ0A44=
=FcjO
-----END PGP SIGNATURE-----