EasyApache February 9 Release
We are happy to announce that cPanel, L.L.C. has released an update for , to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels.
-
libcurl
- EA-11221: Bump minimum required nghttp2 version to 1.51.0-2
-
apr
- EA-11198: Update apr from v1.7.0 to v1.7.2
- CVE-2022-24963
- Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer.
- CVE-2021-35940
- Restore fix for out-of-bounds array dereference in apr_time_exp*() functions. (This issue was addressed as CVE-2017-12613 in APR 1.6.3 and later 1.6.x releases, but was missing in 1.7.0.)
-
apr-util
- EA-11199: Update apr-util from v1.6.1 to v1.6.3
- CVE-2022-25147
- Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer.
-
ea-openssl11
- EA-11213: Update ea-openssl11 from v1.1.1s to v1.1.1t
- X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)
- Timing Oracle in RSA Decryption (CVE-2022-4304)
- Use-after-free following BIO_new_NDEF (CVE-2023-0215)
- Double free after calling PEM_read_bio_ex (CVE-2022-4450)
- EA-11213: Update ea-openssl11 from v1.1.1s to v1.1.1t
-
ea-libxml2
- EA-11205: Update ea-libxml2 from v2.9.7 to v2.10.3
- [CVE-2022-23308] Use-after-free of ID and IDREF attributes
- [CVE-2022-29824] Integer overflow in xmlBuf and xmlBuffer
- [CVE-2022-2309] Reset nsNr in xmlCtxtReset
- [CVE-2022-40304] Fix dict corruption caused by entity reference cycles
- [CVE-2022-40303] Fix integer overflows with XML_PARSE_HUGE
- EA-11205: Update ea-libxml2 from v2.9.7 to v2.10.3
- ea-php81
-
ea-php81-meta
- EA-11208: Update ea-php81 from v8.1.14 to v8.1.15
-
ea-php82
- EA-11212: Fix PKG_CONFIG_PATH
- ea-php82
-
ea-php82-meta
- EA-11200: Update ea-php82 from v8.2.1 to v8.2.2
-
ea-nghttp2
- EA-11210: Update ea-nghttp2 from v1.49.0 to v1.51.0
- EA-11221: Have ea-nghttp2 require ea-libnghttp2
Please sign in to leave a comment.
Comments
0 comments