Skip to main content

EasyApache February 16 Release

cPRex Jurassic Moderator
cPanel, L.L.C. has released a security update for , to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels.
  • ea-nghttp2
    • EA-11239: Update ea-nghttp2 from v1.51.0 to v1.52.0
  • ea-nginx
    • ZC-10615: Remove cleaning pipelog artifacts from init.d and chksrvd files
    • EA-11189: Exclude invalid certificate files from the Nginx config
  • ea-nginx-njs
    • EA-11224: Update ea-nginx-njs from v0.7.9 to v0.7.10
  • ea-php80
  • ea-php80-meta
    • EA-11227: Update ea-php80 from v8.0.27 to v8.0.28
      • " Fixed bug #81744 (Password_verify() always return true with some hash). (CVE-2023-0567)
      • " Fixed bug #81746 (1-byte array overrun in common path resolve code). (CVE-2023-0568)
      • " Fixed bug GHSA-54hq-v5wp-fqgv (DOS vulnerability when parsing multipart request body). (CVE-2023-0662)
  • ea-php81
  • ea-php81-meta
    • EA-11244: Update ea-php81 from v8.1.15 to v8.1.16
      • " Fixed bug #81744 (Password_verify() always return true with some hash). (CVE-2023-0567)
      • " Fixed bug #81746 (1-byte array overrun in common path resolve code). (CVE-2023-0568)
      • " Fixed bug GHSA-54hq-v5wp-fqgv (DOS vulnerability when parsing multipart request body). (CVE-2023-0662)
  • ea-php82
  • ea-php82-meta
    • EA-11226: Update ea-php82 from v8.2.2 to v8.2.3
      • " Fixed bug #81744 (Password_verify() always return true with some hash). (CVE-2023-0567)
      • " Fixed bug #81746 (1-byte array overrun in common path resolve code). (CVE-2023-0568)
      • " Fixed bug GHSA-54hq-v5wp-fqgv (DOS vulnerability when parsing multipart request body). (CVE-2023-0662)
  • ea-podman
    • ZC-10667: Change perms for nuewuidmap for Rocky 9
  • libcurl
    • EA-11241: Update libcurl from v7.87.0 to v7.88.0
      • " CVE-2023-23916: HTTP multi-header compression denial of service
      • " CVE-2023-23915: HSTS amnesia with "parallel
      • " CVE-2023-23914: HSTS ignored on multiple requests
  • mod_security2
    • EA-11134: Update mod_security2 from v2.9.6 to v2.9.7
      • Security impacting issues:
      • Fix: FILES_TMP_CONTENT may sometimes lack complete content
SUMMARY cPanel, L.L.C. has updated packages for EasyApache 4 with PHP versions 8.0.28, 8.1.16, and 8.2.3, libcurl version 7.88.0, and ModSecurity 2.9.7. This release addresses vulnerabilities related to CVE-2023-0567, CVE-2023-0568, CVE-2023-0662, CVE-2023-23916, CVE-2023-23915, CVE-2023-23914, and CVE-2023-24021. We strongly encourage all PHP 8.0 users to upgrade to version 8.0.28, all PHP 8.1 users to upgrade to version 8.1.6, all PHP 8.2 users to upgrade to version 8.2.3,, all libcurl users to upgrade to version 7.88.0, and all ModSecurity users to upgrade to version 2.9.7. AFFECTED VERSIONS All versions of PHP 8.0 through 8.0.27. All versions of PHP 8.1 through 8.1.15. All versions of PHP 8.2 through 8.2.2. All versions of libcurl through 7.87.0. All versions of ModSecurity through 2.9.6. SECURITY RATING The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs: CVE-2023-0567 " MEDIUM PHP 8.0.28 Fixed vulnerability related to CVE-2023-0567. PHP 8.1.16 Fixed vulnerability related to CVE-2023-0567. PHP 8.2.3 Fixed vulnerability related to CVE-2023-0567. CVE-2023-0568 " MEDIUM PHP 8.0.28 Fixed vulnerability related to CVE-2023-0568. PHP 8.1.16 Fixed vulnerability related to CVE-2023-0568. PHP 8.2.3 Fixed vulnerability related to CVE-2023-0568. CVE-2023-0662 " MEDIUM PHP 8.0.28 Fixed vulnerability related to CVE-2023-0662. PHP 8.1.16 Fixed vulnerability related to CVE-2023-0662. PHP 8.2.3 Fixed vulnerability related to CVE-2023-0662. CVE-2023-23916 " MEDIUM libcurl 7.88.0 Fixed vulnerability related to CVE-2023-23916. CVE-2023-23915 " MEDIUM libcurl 7.88.0 Fixed vulnerability related to CVE-2023-23915. CVE-2023-23914 " MEDIUM libcurl 7.88.0 Fixed vulnerability related to CVE-2023-23914. CVE-2023-24021 " CRITICAL ModSecurity 2.9.7 Fixed vulnerability related to CVE-2023-24021. SOLUTION cPanel, L.L.C. has released updated packages for EasyApache 4 on February 16, 2023, with PHP versions 8.0.28, 8.1.16, and 8.2.3, libcurl version 7.88.0, and ModSecurity 2.9.7. Unless you have enabled automatic package updates in your cron, update your system with either your package manager or WHM"s Run System Update interface. REFERENCES and the and

Comments

0 comments

Please sign in to leave a comment.

Didn't find what you were looking for?

New post