-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 SUMMARY cPanel, L.L.C. has updated packages for EasyApache 4 with updated versions of libcurl, Tomcat 10.1 and NGINX. This release addresses vulnerabilities related to CVE-2025-0167, CVE-2025-0665, CVE-2025-0725, CVE-2024-56337, and CVE-2025-23419. We strongly encourage all libcurl users to update to version 8.12.0, all Tomcat 10.1 users to update to version 10.1.35, and all NGINX users to update to version 1.26.3. AFFECTED VERSIONS All versions of libcurl through 8.11.1 All versions of Tomcat 10.1 through 10.1.34 All versions of NGINX through 1.26.2 SECURITY RATING The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs: CVE-2025-0167 - MEDIUM libcurl 8.12.0 Fixed vulnerability related to CVE-2025-0167 CVE-2025-0665 - MEDIUM libcurl 8.12.0 Fixed vulnerability related to CVE-2025-0665 CVE-2025-0725 - MEDIUM libcurl 8.12.0 Fixed vulnerability related to CVE-2025-0725 CVE-2024-56337 Tomcat 10.1.35 Fixed vulnerability related to CVE-2024-56337 CVE-2025-23419 NGINX 1.26.3 Fixed vulnerability related to CVE-2025-23419 SOLUTION cPanel, L.L.C. has released updated packages for EasyApache 4 25.4 on 2025 February 13, with libcurl version 8.12.0, Tomcat version 10.1.35, and NGINX version 1.26.3. Unless you have enabled automatic package updates in your cron, update your system with either your package manager or WHM's Run System Update interface. REFERENCES https://www.cve.org/CVERecord?id=CVE-2025-0167 https://www.cve.org/CVERecord?id=CVE-2025-0665 https://www.cve.org/CVERecord?id=CVE-2025-0725 https://www.cve.org/CVERecord?id=CVE-2024-56337 https://www.cve.org/CVERecord?id=CVE-2025-23419 https://curl.se/ch/8.12.0.html https://tomcat.apache.org/tomcat-10.1-doc/changelog.html https://nginx.org/en/CHANGES-1.26 -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAmeuTUMACgkQlSG+3KvZ Td9uXQ//ZfX03z/My7pclkLTq1LhGN4g+nyUf+O/lnKbJF2L4rzQHVT5dtrTTuKK hj2ND9upc8TMSnSRJcfrPPsuAbMfA3Ng4fgXMeD6NaepCLEVaNhJKz3WBSMenax5 uHqGUDTKdBCdgOQS4jSAKvwZMPYjvWXQoS5wnIU46FMvZvYMijetdvRjX83BI1nd fAEUZSz5G/Bd21sZEF8CIBs/5FZgaJG4qLyhbI1c9CD9jf+uqLJAEnIMGrQiik96 NXL6zAOK83DFJskgSp33EuMOYUrAuZMT7iHaJxPQF90hPKLMhdfgIwTCszbp7CR4 TKAaxsngbjtZ4RPtIBDGn8haKfhXNaZCEx3hBYPz6jGlarS7Cqkyuh6XBK5QFcuz foXrYVoalXN5t6fvua52dnYsDOX87hdnJEYMIMMYNo24tHdEogbFXEO3+cgYe8a0 t7adPfCMTj8+hde8Ei+2a9Iw1ughJJbh64wj4yPxlZOSZX1p1JWoX8fl3GE2v+6i 6qodOjr/xhyXCciUv5eN48ulYcGEup7rqyvrFK9h06xFX1HrA8j9cS/VEA6FInjb S15rlZSOfeEKmPuKANPI2qXx4Acq2QO6zztpdwLK4XfEEdt8wWpj7o+uvcZjR+9p ykY35XleJzIoXg41p4xQy15tHJfkjm0hD9IfIEH2/MkKBxwNIyA= =nqpo -----END PGP SIGNATURE-----