{"id":25853,"date":"2022-06-15T22:33:42","date_gmt":"2022-06-15T18:33:42","guid":{"rendered":"https:\/\/news.cpanel.com\/?p=60553"},"modified":"2022-06-26T10:03:49","modified_gmt":"2022-06-26T05:33:49","slug":"easyapache-june-15-release","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/easyapache-june-15-release\/","title":{"rendered":"EasyApache June 15 Release"},"content":{"rendered":"<p>We are happy to announce that cPanel, L.L.C. has released an update for <a href=\"https:\/\/docs.cpanel.net\/ea4\/basics\/introduction-to-easyapache-4\/\" target=\"_blank\" rel=\"noopener\"><u>EasyApache 4<\/u>!<\/a> Take a look at some highlights below, and then join us on\u00a0the <a href=\"https:\/\/forums.cpanel.net\/forums\/cpanel-announcements.133\/\" target=\"_blank\" rel=\"noopener\"><u>cPanel Community Forums<\/u><\/a>, <a href=\"https:\/\/go.cpanel.net\/discord\" target=\"_blank\" rel=\"noopener\"><u>Discord<\/u><\/a>,\u00a0or\u00a0<a href=\"https:\/\/reddit.com\/r\/cpanel\/\" target=\"_blank\" rel=\"noopener\"><u>Reddit<\/u><\/a> to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels.<\/p>\n<ul>\n<li><strong>ea-apache24<\/strong>\n<ul>\n<li>EA-10756: Update ea-apache2 from v2.4.53 to v2.4.54<\/li>\n<li>CVE-2022-26377: mod_proxy_ajp: Possible request smuggling<\/li>\n<li>CVE-2022-28330: Read beyond bounds in mod_isapi<\/li>\n<li>CVE-2022-28614: Read beyond bounds via ap_rwrite()<\/li>\n<li>CVE-2022-28615: Read beyond bounds in ap_strcmp_match()<\/li>\n<li>CVE-2022-29404: Denial of service in mod_lua r:parsebody<\/li>\n<li>CVE-2022-30522: mod_sed: Denial of service<\/li>\n<li>CVE-2022-30556: Information Disclosure in mod_lua with websockets<\/li>\n<li>CVE-2022-31813: mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li><strong>ea-nodejs16<\/strong>\n<ul>\n<li>EA-10748: Update ea-nodejs16 from v16.15.0 to v16.15.1<\/li>\n<\/ul>\n<\/li>\n<li><strong>ea-tomcat85<\/strong>\n<ul>\n<li>EA-10761: Update ea-tomcat85 from v8.5.79 to v8.5.81<\/li>\n<\/ul>\n<\/li>\n<li><strong>ea-php74<\/strong><\/li>\n<li><strong>ea-php74-meta<\/strong>\n<ul>\n<li>EA-10757: Update ea-php74 from v7.4.29 to v7.4.30\n<ul>\n<li>mysqlnd:\n<ul>\n<li>Fixed bug #81719: mysqlnd\/pdo password buffer overflow. (CVE-2022-31626)<\/li>\n<\/ul>\n<\/li>\n<li>pgsql:\n<ul>\n<li>Fixed bug #81720: Uninitialized array in pg_query_params(). (CVE-2022-31625)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li><strong>ea-php80<\/strong><\/li>\n<li><strong>ea-php80-meta<\/strong>\n<ul>\n<li>EA-10760: Update ea-php80 from v8.0.19 to v8.0.20\n<ul>\n<li>mysqlnd:\n<ul>\n<li>Fixed bug #81719: mysqlnd\/pdo password buffer overflow. (CVE-2022-31626)<\/li>\n<\/ul>\n<\/li>\n<li>pgsql:\n<ul>\n<li>Fixed bug #81720: Uninitialized array in pg_query_params(). (CVE-2022-31625)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li><strong>ea-php81<\/strong><\/li>\n<li><strong>ea-php81-meta<\/strong>\n<ul>\n<li>EA-10758: Update ea-php81 from v8.1.6 to v8.1.7\n<ul>\n<li>mysqlnd:\n<ul>\n<li>Fixed bug #81719: mysqlnd\/pdo password buffer overflow. (CVE-2022-31626)<\/li>\n<\/ul>\n<\/li>\n<li>pgsql:\n<ul>\n<li>Fixed bug #81720: Uninitialized array in pg_query_params(). (CVE-2022-31625)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li><strong>ea-podman<\/strong>\n<ul>\n<li>ZC-9993: Add script for dev\/QA\/smold4r to be able to test against internal docker hub<\/li>\n<\/ul>\n<\/li>\n<li><strong>ea-podman-repo<\/strong>\n<ul>\n<li>ZC-10010: enable powertools on Rocky 8<\/li>\n<\/ul>\n<\/li>\n<li><strong>ea-nginx<\/strong>\n<ul>\n<li>ZC-9940: Change worker_processes default back to 1<\/li>\n<li>ZC-9940: Have worker_shutdown_timeout default to 10 seconds<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" \/>\n<p><strong>SUMMARY<\/strong><br \/>\ncPanel, L.L.C. has updated packages for EasyApache 4 with PHP versions 7.4.30, 8.0.20, and 8.1.7 and Apache version 2.4.54. This release addresses vulnerabilities related to CVE-2022-26377, CVE-2022-28330, CVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-30522, CVE-2022-30556, CVE-2022-31813, CVE-2022-31626, and CVE-2022-31625. We strongly encourage all PHP 7.4 users to update to version 7.4.30, all PHP 8.0 users to update to version 8.0.20, all PHP 8.1 users to update to version 8.1.7, and all Apache users to update to version 2.4.54.<\/p>\n<p>AFFECTED VERSIONS<br \/>\nAll versions of PHP 7.4 through 7.4.29.<br \/>\nAll versions of PHP 8.0 through 8.0.19.<br \/>\nAll versions of PHP 8.1 through 8.1.6.<br \/>\nAll versions of Apache through 2.4.53.<\/p>\n<p>SECURITY RATING<br \/>\nThe National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:<\/p>\n<p>CVE-2022-26377 \u2013 MEDIUM<br \/>\nApache 2.4.54<br \/>\nFixed vulnerability in the mod_proxy_ajp module related to CVE-2022-26377.<\/p>\n<p>CVE-2022-28330 \u2013 MEDIUM<br \/>\nApache 2.4.54<br \/>\nFixed vulnerability in the mod_isapi module related to CVE-2022-28330.<\/p>\n<p>CVE-2022-28614 \u2013 MEDIUM<br \/>\nApache 2.4.54<br \/>\nFixed vulnerability related to CVE-2022-28614.<\/p>\n<p>CVE-2022-28615 \u2013 MEDIUM<br \/>\nApache 2.4.54<br \/>\nFixed vulnerability related to CVE-2022-28615.<\/p>\n<p>CVE-2022-29404 \u2013 MEDIUM<br \/>\nApache 2.4.54<br \/>\nFixed vulnerability in the mod_lua module related to CVE-2022-29404.<\/p>\n<p>CVE-2022-30522 \u2013 MEDIUM<br \/>\nApache 2.4.54<br \/>\nFixed vulnerability in the mod_sed module related to CVE-2022-30522.<\/p>\n<p>CVE-2022-30556 \u2013 MEDIUM<br \/>\nApache 2.4.54<br \/>\nFixed vulnerability in the mod_lua module related to CVE-2022-30556.<\/p>\n<p>CVE-2022-31813 \u2013 MEDIUM<br \/>\nApache 2.4.54<br \/>\nFixed vulnerability in the mod_proxy module related to CVE-2022-31813.<\/p>\n<p>CVE-2022-31626 \u2013 MEDIUM<br \/>\nPHP 7.4.30<\/p>\n<p><strong><u>More Information<\/u><\/strong><\/p>\n<p>Information about all releases this year can be found in the\u00a0<a href=\"https:\/\/docs.cpanel.net\/changelogs\/easyapache-4-change-log-2021\/\" target=\"_blank\" rel=\"noopener\"><u>2022 EasyApache 4 Changelog<\/u><\/a>\u00a0and\u00a0the\u00a0<a href=\"https:\/\/docs.cpanel.net\/ea4\/information\/easyapache-4-release-notes\/\" target=\"_blank\" rel=\"noopener\"><u>EasyApache 4 Release Notes<\/u><\/a>. You can also sign up for our\u00a0<a href=\"http:\/\/mail.cpanel.net\/mailman\/listinfo\/ea4development-announce_cpanel.net\" target=\"_blank\" rel=\"noopener\"><u>EasyApache Development<\/u><\/a>\u00a0and\u00a0<a href=\"http:\/\/mail.cpanel.net\/mailman\/listinfo\/ea4production-announce_cpanel.net\" target=\"_blank\" rel=\"noopener\"><u>EasyApache Production<\/u><\/a> mailing\u00a0lists to see when updates are pushed for our RPMs, letting you know ahead of time what will be updated in each EasyApache release.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on\u00a0the cPanel Community Forums, Discord,\u00a0or\u00a0Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels. &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[25],"tags":[],"class_list":["post-25853","post","type-post","status-publish","format-standard","hentry","category-cpanel-news"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/25853","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=25853"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/25853\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=25853"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=25853"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=25853"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}