{"id":40529,"date":"2023-02-17T01:36:53","date_gmt":"2023-02-16T21:36:53","guid":{"rendered":"https:\/\/news.cpanel.com\/?p=61593"},"modified":"2023-04-19T14:01:36","modified_gmt":"2023-04-19T09:31:36","slug":"easyapache-16-february-release","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/easyapache-16-february-release\/","title":{"rendered":"EasyApache 16 February Release"},"content":{"rendered":"<p dir=\"ltr\" style=\"text-align: left;\">cPanel, L.L.C. has released a security update for\u00a0<a href=\"https:\/\/docs.cpanel.net\/ea4\/basics\/introduction-to-easyapache-4\/\" target=\"_blank\" rel=\"noopener\">EasyApache 4!<\/a>\u00a0 Take a look at some highlights below, and then join us on\u00a0the\u00a0<a href=\"https:\/\/forums.cpanel.net\/forums\/cpanel-announcements.133\/\" target=\"_blank\" rel=\"noopener\">cPanel Community Forums<\/a>,\u00a0<a href=\"https:\/\/go.cpanel.net\/discord\" target=\"_blank\" rel=\"noopener\">Discord<\/a>,\u00a0or\u00a0<a href=\"https:\/\/reddit.com\/r\/cpanel\/\" target=\"_blank\" rel=\"noopener\">Reddit<\/a>\u00a0to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels.<\/p>\n<ul dir=\"ltr\" style=\"text-align: left;\">\n<li><strong>ea-nghttp2<\/strong>\n<ul>\n<li>EA-11239: Update ea-nghttp2 from v1.51.0 to v1.52.0<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul dir=\"ltr\" style=\"text-align: left;\">\n<li><strong>ea-nginx<\/strong>\n<ul>\n<li>ZC-10615: Remove cleaning pipelog artifacts from init.d and chksrvd files<\/li>\n<li>EA-11189: Exclude invalid certificate files from the Nginx config<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul dir=\"ltr\" style=\"text-align: left;\">\n<li><strong>ea-nginx-njs<\/strong>\n<ul>\n<li>EA-11224: Update ea-nginx-njs from v0.7.9 to v0.7.10<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul dir=\"ltr\" style=\"text-align: left;\">\n<li><strong>ea-php80<\/strong><\/li>\n<li><strong>ea-php80-meta<\/strong>\n<ul>\n<li>EA-11227: Update ea-php80 from v8.0.27 to v8.0.28\n<ul>\n<li>\u2013 Fixed bug #81744 (Password_verify() always return true with some hash). (CVE-2023-0567)<\/li>\n<li>\u2013 Fixed bug #81746 (1-byte array overrun in common path resolve code). (CVE-2023-0568)<\/li>\n<li>\u2013 Fixed bug GHSA-54hq-v5wp-fqgv (DOS vulnerability when parsing multipart request body). (CVE-2023-0662)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul dir=\"ltr\" style=\"text-align: left;\">\n<li><strong>ea-php81<\/strong><\/li>\n<li><strong>ea-php81-meta<\/strong>\n<ul>\n<li>EA-11244: Update ea-php81 from v8.1.15 to v8.1.16\n<ul>\n<li>\u2013 Fixed bug #81744 (Password_verify() always return true with some hash). (CVE-2023-0567)<\/li>\n<li>\u2013 Fixed bug #81746 (1-byte array overrun in common path resolve code). (CVE-2023-0568)<\/li>\n<li>\u2013 Fixed bug GHSA-54hq-v5wp-fqgv (DOS vulnerability when parsing multipart request body). (CVE-2023-0662)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul dir=\"ltr\" style=\"text-align: left;\">\n<li><strong>ea-php82<\/strong><\/li>\n<li><strong>ea-php82-meta<\/strong>\n<ul>\n<li>EA-11226: Update ea-php82 from v8.2.2 to v8.2.3\n<ul>\n<li>\u2013 Fixed bug #81744 (Password_verify() always return true with some hash). (CVE-2023-0567)<\/li>\n<li>\u2013 Fixed bug #81746 (1-byte array overrun in common path resolve code). (CVE-2023-0568)<\/li>\n<li>\u2013 Fixed bug GHSA-54hq-v5wp-fqgv (DOS vulnerability when parsing multipart request body). (CVE-2023-0662)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul dir=\"ltr\" style=\"text-align: left;\">\n<li><strong>ea-podman<\/strong>\n<ul>\n<li>ZC-10667: Change perms for nuewuidmap for Rocky 9<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul dir=\"ltr\" style=\"text-align: left;\">\n<li><strong>libcurl<\/strong>\n<ul>\n<li>EA-11241: Update libcurl from v7.87.0 to v7.88.0\n<ul>\n<li>\u2013 CVE-2023-23916: HTTP multi-header compression denial of service<\/li>\n<li>\u2013 CVE-2023-23915: HSTS amnesia with \u2013parallel<\/li>\n<li>\u2013 CVE-2023-23914: HSTS ignored on multiple requests<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul dir=\"ltr\" style=\"text-align: left;\">\n<li><strong>mod_security2<\/strong>\n<ul>\n<li>EA-11134: Update mod_security2 from v2.9.6 to v2.9.7\n<ul>\n<li>Security impacting issues:<\/li>\n<li>Fix: FILES_TMP_CONTENT may sometimes lack complete content<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p dir=\"ltr\" style=\"text-align: left;\"><strong>SUMMARY<\/strong><\/p>\n<p dir=\"ltr\" style=\"text-align: left;\">cPanel, L.L.C. has updated packages for EasyApache 4 with PHP versions 8.0.28, 8.1.16, and 8.2.3, libcurl version 7.88.0, and ModSecurity 2.9.7. This release addresses vulnerabilities related to CVE-2023-0567, CVE-2023-0568, CVE-2023-0662, CVE-2023-23916, CVE-2023-23915, CVE-2023-23914, and CVE-2023-24021. We strongly encourage all PHP 8.0 users to upgrade to version 8.0.28, all PHP 8.1 users to upgrade to version 8.1.6, all PHP 8.2 users to upgrade to version 8.2.3,, all libcurl users to upgrade to version 7.88.0, and all ModSecurity users to upgrade to version 2.9.7.<\/p>\n<p dir=\"ltr\" style=\"text-align: left;\"><strong>AFFECTED VERSIONS<br \/>\n<\/strong>All versions of PHP 8.0 through 8.0.27.<br \/>\nAll versions of PHP 8.1 through 8.1.15.<br \/>\nAll versions of PHP 8.2 through 8.2.2.<br \/>\nAll versions of libcurl through 7.87.0.<br \/>\nAll versions of ModSecurity through 2.9.6.<\/p>\n<p dir=\"ltr\" style=\"text-align: left;\"><strong>SECURITY RATING<br \/>\n<\/strong>The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:<\/p>\n<p dir=\"ltr\" style=\"text-align: left;\">CVE-2023-0567 \u2013 MEDIUM<br \/>\nPHP 8.0.28<br \/>\nFixed vulnerability related to CVE-2023-0567.<\/p>\n<p dir=\"ltr\" style=\"text-align: left;\">PHP 8.1.16<br \/>\nFixed vulnerability related to CVE-2023-0567.<\/p>\n<p dir=\"ltr\" style=\"text-align: left;\">PHP 8.2.3<br \/>\nFixed vulnerability related to CVE-2023-0567.<\/p>\n<p dir=\"ltr\" style=\"text-align: left;\">CVE-2023-0568 \u2013 MEDIUM<br \/>\nPHP 8.0.28<br \/>\nFixed vulnerability related to CVE-2023-0568.<\/p>\n<p dir=\"ltr\" style=\"text-align: left;\">PHP 8.1.16<br \/>\nFixed vulnerability related to CVE-2023-0568.<\/p>\n<p dir=\"ltr\" style=\"text-align: left;\">PHP 8.2.3<br \/>\nFixed vulnerability related to CVE-2023-0568.<\/p>\n<p dir=\"ltr\" style=\"text-align: left;\">CVE-2023-0662 \u2013 MEDIUM<br \/>\nPHP 8.0.28<br \/>\nFixed vulnerability related to CVE-2023-0662.<\/p>\n<p dir=\"ltr\" style=\"text-align: left;\">PHP 8.1.16<br \/>\nFixed vulnerability related to CVE-2023-0662.<\/p>\n<p dir=\"ltr\" style=\"text-align: left;\">PHP 8.2.3<br \/>\nFixed vulnerability related to CVE-2023-0662.<\/p>\n<p dir=\"ltr\" style=\"text-align: left;\">CVE-2023-23916 \u2013 MEDIUM<br \/>\nlibcurl 7.88.0<br \/>\nFixed vulnerability related to CVE-2023-23916.<\/p>\n<p dir=\"ltr\" style=\"text-align: left;\">CVE-2023-23915 \u2013 MEDIUM<br \/>\nlibcurl 7.88.0<br \/>\nFixed vulnerability related to CVE-2023-23915.<\/p>\n<p dir=\"ltr\" style=\"text-align: left;\">CVE-2023-23914 \u2013 MEDIUM<br \/>\nlibcurl 7.88.0<br \/>\nFixed vulnerability related to CVE-2023-23914.<\/p>\n<p dir=\"ltr\" style=\"text-align: left;\">CVE-2023-24021 \u2013 CRITICAL<br \/>\nModSecurity 2.9.7<br \/>\nFixed vulnerability related to CVE-2023-24021.<\/p>\n<p dir=\"ltr\" style=\"text-align: left;\"><strong>SOLUTION<\/strong><br \/>\ncPanel, L.L.C. has released updated packages for EasyApache 4 on February 16, 2023, with PHP versions 8.0.28, 8.1.16, and 8.2.3, libcurl version 7.88.0, and ModSecurity 2.9.7. Unless you have enabled automatic package updates in your cron, update your system with either your package manager or WHM\u2019s Run System Update interface.<\/p>\n<p dir=\"ltr\" style=\"text-align: left;\"><strong>REFERENCES<\/strong><br \/>\n<a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2023-0567\" target=\"_blank\" rel=\"noopener\">https:\/\/www.cve.org\/CVERecord?id=CVE-2023-0567<br \/>\n<\/a><a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2023-0568\" target=\"_blank\" rel=\"noopener\">https:\/\/www.cve.org\/CVERecord?id=CVE-2023-0568<br \/>\n<\/a><a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2023-0662\" target=\"_blank\" rel=\"noopener\">https:\/\/www.cve.org\/CVERecord?id=CVE-2023-0662<br \/>\n<\/a><a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2023-23916\" target=\"_blank\" rel=\"noopener\">https:\/\/www.cve.org\/CVERecord?id=CVE-2023-23916<br \/>\n<\/a><a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2023-23915\" target=\"_blank\" rel=\"noopener\">https:\/\/www.cve.org\/CVERecord?id=CVE-2023-23915<br \/>\n<\/a><a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2023-23914\" target=\"_blank\" rel=\"noopener\">https:\/\/www.cve.org\/CVERecord?id=CVE-2023-23914<br \/>\n<\/a><a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2023-24021\" target=\"_blank\" rel=\"noopener\">https:\/\/www.cve.org\/CVERecord?id=CVE-2023-24021<br \/>\n<\/a><a href=\"https:\/\/www.php.net\/ChangeLog-8.php#8.2.3\" target=\"_blank\" rel=\"noopener\">https:\/\/www.php.net\/ChangeLog-8.php#8.2.3<br \/>\n<\/a><a href=\"https:\/\/www.php.net\/ChangeLog-8.php#8.1.16\" target=\"_blank\" rel=\"noopener\">https:\/\/www.php.net\/ChangeLog-8.php#8.1.16<br \/>\n<\/a><a href=\"https:\/\/www.php.net\/ChangeLog-8.php#8.0.28\" target=\"_blank\" rel=\"noopener\">https:\/\/www.php.net\/ChangeLog-8.php#8.0.28<br \/>\n<\/a><a href=\"https:\/\/curl.se\/changes.html\" target=\"_blank\" rel=\"noopener\">https:\/\/curl.se\/changes.html<br \/>\n<\/a><a href=\"https:\/\/github.com\/SpiderLabs\/ModSecurity\/releases\" target=\"_blank\" rel=\"noopener\">https:\/\/github.com\/SpiderLabs\/ModSecurity\/releases<\/a><\/p>\n<p dir=\"ltr\" style=\"text-align: left;\"><a href=\"https:\/\/news.cpanel.com\/wp-content\/uploads\/2023\/02\/EA4-2023-2-16-CVE.signed.txt\" target=\"_blank\" rel=\"noopener\">https:\/\/news.cpanel.com\/wp-content\/uploads\/2023\/02\/EA4-2023-2-16-CVE.signed.txt<\/a><\/p>\n<p dir=\"ltr\" style=\"text-align: left;\">Information about all releases this year can be found in the\u00a0<a href=\"https:\/\/docs.cpanel.net\/changelogs\/easyapache-4-change-log-2023\/\" target=\"_blank\" rel=\"noopener\">2023 EasyApache 4 Changelog<\/a>\u00a0and\u00a0the\u00a0<a href=\"https:\/\/docs.cpanel.net\/ea4\/information\/easyapache-4-release-notes\/\" target=\"_blank\" rel=\"noopener\">EasyApache 4 Release Notes<\/a>. You can also sign up for our\u00a0<a href=\"http:\/\/mail.cpanel.net\/mailman\/listinfo\/ea4development-announce_cpanel.net\" target=\"_blank\" rel=\"noopener\">EasyApache Development<\/a>\u00a0and\u00a0<a href=\"http:\/\/mail.cpanel.net\/mailman\/listinfo\/ea4production-announce_cpanel.net\" target=\"_blank\" rel=\"noopener\">EasyApache Production<\/a>\u00a0mailing\u00a0lists to see when updates are pushed for our RPMs, letting you know ahead of time what will be updated in each EasyApache release.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>cPanel, L.L.C. has released a security update for\u00a0EasyApache 4!\u00a0 Take a look at some highlights below, and then join us on\u00a0the\u00a0cPanel Community Forums,\u00a0Discord,\u00a0or\u00a0Reddit\u00a0to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels. ea-nghttp2 EA-11239: Update ea-nghttp2 from v1.51.0 to v1.52.0 ea-nginx &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[25],"tags":[],"class_list":["post-40529","post","type-post","status-publish","format-standard","hentry","category-cpanel-news"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/40529","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=40529"}],"version-history":[{"count":1,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/40529\/revisions"}],"predecessor-version":[{"id":40540,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/40529\/revisions\/40540"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=40529"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=40529"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=40529"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}