Situation
Security vulnerabilities tied to ea-nginx-njs(CVE-2026-8711) and ea-memcached16(CVE-2026-47783, CVE-2026-47784) have been discovered.
Impact
We are releasing a security update for EasyApache4 (v25.62) to update ea-nginx-njs to v0.9.9 and ea-memcached16 to v1.6.42 to address these vulnerabilities.
Note: Please see the latest EasyApache4 changelogs for version information:
https://docs.cpanel.net/changelogs/easyapache-4-change-log-25/
Call to Action
You can confirm if these packages are installed and updated to the new versions with the following commands:
# dnf list installed ea-nginx-njs
# dnf list installed ea-memcached16
If they are installed, but are not updated, you can use the following command to proceed with that update:
# dnf update
# apt policy ea-niginx-njs
# apt policy ea-memcached16
If they are installed, there will be a specified version in the "Installed" field, as shown below:
CONFIG_TEXT: # apt policy ea-nginx-njs
ea-nginx-njs:
Installed: 0.9.8-2+4.1.cpanel
Candidate: 0.9.8-2+4.1.cpanel
If the Candidate field is greater then the Installed field you have an update pending as shown here:
CONFIG_TEXT: # apt policy ea-memcached16
ea-memcached16:
Installed: 1.6.39-1+2.1.cpanel
Candidate: 1.6.41-1+4.1.cpanel
If the Installed field shows "(none)" the package is not installed.
If they are installed, but have not updated, you can use the following command to perform the update and upgrade:
# apt update && apt upgrade
Comments
0 comments
Article is closed for comments.