-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

SUMMARY

cPanel, L.L.C. has updated packages for EasyApache 4 with an updated versions libxml2. This release addresses vulnerabilities related to CVE-2025-24928 and CVE-2024-56171. We strongly encourage all libxml2 users to update to version 2.13.6.

 
AFFECTED VERSIONS
All versions of libxml2 through 2.13.5



SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2025-24928 - MEDIUM
libxml2 2.13.6
Fixed vulnerability related to CVE-2025-24928

CVE-2024-56171 - MEDIUM
libxml2 2.13.6
Fixed vulnerability related to CVE-2024-56171


SOLUTION
cPanel, L.L.C. has released updated packages for EasyApache 4 25.6 on 2025 February 19, with libxml2 version 2.13.6. Unless you have enabled automatic package updates in your cron, update your system with either your package manager or WHM's Run System Update interface.

 
REFERENCES
https://www.cve.org/CVERecord?id=CVE-2025-24928
https://www.cve.org/CVERecord?id=CVE-2024-56171
https://gitlab.gnome.org/GNOME/libxml2/-/releases
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAme2Y8sACgkQlSG+3KvZ
Td8LHg/+I23qAgaHC1v2C2UiS9OkSqfnwUxHGbF1Y/U2G+x/4eGHMLTR07jdpfBk
mOnSxlE7JlGVshTyoR6g6IoZfOk7HDiI4fWqO+inCFZhoz6EVRlEuG7Pe2MJYM2t
quScdPPCqARp4lpJQNE5jiPp7MwCzUPESWAgLdHWqFtOUIKirYXmnVvgo2GN1Faj
dZv39pyHpW4ZRld1ZE04ieOjX4b6udoShwXUGbMCmK2W+/ULzYom051caJFK/R1q
Wl6rVdfvC9pTBz6hNQEkUoG2mLS9BvBbRrs8SU3oP40LjoAh3NwjVPChp4Vgh9hJ
D1aIsZLQ1/YE/PbhYUYOeCKG+pXktRTqvrA4ZtIi1357oQyfg0/AVSdvqfFbYUD+
QpYQbJMiVyq0de119kJhcQ8Yqkm9WuQhtnGRl9gImj0DiZ6Uk0woBQt891HgbvMw
j1MixNkHk0moUB+60TO2Q32EeDHMJH0hsQW4Wfsp4RehaaOLlcTR1GM1EMDnnM8x
wEp4G0cHTpRCS/SFxt+9nTpqT1zjt+Ly5Dpc61PFuqerj8v8L//mqWA8kVDBHs4X
wTZ4zOp+j1UtgJ2qW4/l7b4XnIVyIv0mezmmAZEfcJZAWLRvaNQsb28FiDCJO/wK
XYDelwDEdk6c02piTxnBwLMMBeOo7q43W3CTNtOSEPnGkBheol4=
=KQ7T
-----END PGP SIGNATURE-----