{"id":56157,"date":"2024-04-09T04:02:27","date_gmt":"2024-04-09T00:02:27","guid":{"rendered":"https:\/\/news.cpanel.com\/?p=62897"},"modified":"2024-04-09T04:02:27","modified_gmt":"2024-04-09T00:02:27","slug":"easyapache4-2024-04-08-maintenance-and-security-release","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/easyapache4-2024-04-08-maintenance-and-security-release\/","title":{"rendered":"EasyApache4 2024-04-08 Maintenance and Security Release"},"content":{"rendered":"<p>cPanel, L.L.C. has released an update for&nbsp;<a href=\"https:\/\/docs.cpanel.net\/ea4\/basics\/introduction-to-easyapache-4\/\" target=\"_blank\" rel=\"noopener\">EasyApache 4!<\/a>&nbsp; Take a look at some highlights below, and then join us on&nbsp;the&nbsp;<a href=\"https:\/\/forums.cpanel.net\/forums\/cpanel-announcements.133\/\" target=\"_blank\" rel=\"noopener\">cPanel Community Forums<\/a>,&nbsp;<a href=\"https:\/\/go.cpanel.net\/discord\" target=\"_blank\" rel=\"noopener\">Discord<\/a>,&nbsp;or&nbsp;<a href=\"https:\/\/reddit.com\/r\/cpanel\/\" target=\"_blank\" rel=\"noopener\">Reddit<\/a>&nbsp;to talk about this update and much more. 
If you have additional questions, feel free to reach out on one of our social channels.<\/p>\n<ul>\n<li><strong>ea-apache24<\/strong>\n<ul>\n<li>EA-12070: Update ea-apache2 from v2.4.58 to v2.4.59\n<ul>\n<li>low: Apache HTTP Server: HTTP Response Splitting in multiple modules (CVE-2024-24795)<\/li>\n<li>moderate: Apache HTTP Server: HTTP\/2 DoS by memory exhaustion on endless continuation frames (CVE-2024-27316)<\/li>\n<li>moderate: Apache HTTP Server: HTTP response splitting (CVE-2023-38709)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li><strong>ea-nodejs20<\/strong>\n<ul>\n<li>EA-12068: Update ea-nodejs20 from v20.12.0 to v20.12.1\n<ul>\n<li>CVE-2024-27983 \u2013 Assertion failed in node::http2::Http2Session::~Http2Session() leads to HTTP\/2 server crash \u2013 (High)<\/li>\n<li>CVE-2024-27982 \u2013 HTTP Request Smuggling via Content Length Obfuscation \u2013 (Medium)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li><strong>ea-nodejs18<\/strong>\n<ul>\n<li>EA-12067: Update ea-nodejs18 from v18.20.0 to v18.20.1\n<ul>\n<li>CVE-2024-27983 \u2013 Assertion failed in node::http2::Http2Session::~Http2Session() leads to HTTP\/2 server crash \u2013 (High)<\/li>\n<li>CVE-2024-27982 \u2013 HTTP Request Smuggling via Content Length Obfuscation \u2013 (Medium)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li><strong>ea-nghttp2<\/strong>\n<ul>\n<li>EA-12069: Update ea-nghttp2 from v1.60.0 to v1.61.0\n<ul>\n<li>CVE-2024-28182: Reading unbounded number of HTTP\/2 CONTINUATION frames to cause excessive CPU usage<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li><strong>ea-profiles-cpanel<\/strong>\n<ul>\n<li>ZC-11574: Set epoch to `5` to coordinate w\/ Cloudlinux\u2019s fixes<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li><strong>ea-tomcat85<\/strong>\n<ul>\n<li>EA-11588: Mark ea-tomcat85 as EOL<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><strong>SUMMARY<\/strong><\/p>\n<p>cPanel, L.L.C. 
has updated packages for EasyApache 4 with ea-apache24 v2.4.59, ea-nodejs20 v20.12.1, ea-nodejs18 v18.20.1, and ea-nghttp2 v1.61.0. This release addresses vulnerabilities related to CVE-2024-24795, CVE-2024-27316, CVE-2023-38709, CVE-2024-27983, CVE-2024-27982, and CVE-2024-28182. We strongly encourage all users to upgrade to the latest versions of these packages.<\/p>\n<p><strong>AFFECTED VERSIONS<br \/><\/strong>All versions of ea-apache24 through 2.4.58.<br \/>All versions of ea-nodejs18 through 18.20.0.<br \/>All versions of ea-nodejs20 through 20.12.0.<br \/>All versions of ea-nghttp2 through 1.60.0.<\/p>\n<p><strong>SECURITY RATING<br \/><\/strong>The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:<\/p>\n<p>CVE-2024-24795 \u2013 LOW<br \/>ea-apache24 2.4.59<br \/>Fixed vulnerability related to CVE-2024-24795.<\/p>\n<p>CVE-2024-27316 \u2013 MODERATE<br \/>ea-apache24 2.4.59<br \/>Fixed vulnerability related to CVE-2024-27316.<\/p>\n<p>CVE-2023-38709 \u2013 MODERATE<br \/>ea-apache24 2.4.59<br \/>Fixed vulnerability related to CVE-2023-38709.<\/p>\n<p>CVE-2024-27983 \u2013 HIGH<br \/>CVE-2024-27982 \u2013 MEDIUM<br \/>ea-nodejs18 18.20.0<br \/>ea-nodejs20 20.12.0<br \/>Fixed vulnerabilities related to CVE-2024-27982 and CVE-2024-27983.<\/p>\n<p>CVE-2024-28182 \u2013 MODERATE<br \/>ea-nghttp2 1.61.0<br \/>Fixed vulnerability related to CVE-2024-28182.<\/p>\n<p><strong>SOLUTION<br \/><\/strong>cPanel, L.L.C. has released updated packages for EasyApache 4 on April 8, 2024, with ea-apache24 v2.4.59, ea-nodejs20 v20.12.1, ea-nodejs18 v18.20.1, and ea-nghttp2 v1.61.0. 
Unless you have enabled automatic package updates in your cron, update your system with either your package manager or WHM\u2019s Run System Update interface.<\/p>\n<p><strong>REFERENCES<br \/><\/strong><a href=\"https:\/\/httpd.apache.org\/security\/vulnerabilities_24.html\" target=\"_blank\" rel=\"noopener\">https:\/\/httpd.apache.org\/security\/vulnerabilities_24.html<br \/><\/a><a href=\"https:\/\/nodejs.org\/en\/blog\/vulnerability\/april-2024-security-releases\" target=\"_blank\" rel=\"noopener\">https:\/\/nodejs.org\/en\/blog\/vulnerability\/april-2024-security-releases<br \/><\/a><a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2024-28182\" target=\"_blank\" rel=\"noopener\">https:\/\/www.cve.org\/CVERecord?id=CVE-2024-28182<\/a><\/p>\n<p><a href=\"https:\/\/news.cpanel.com\/wp-content\/uploads\/2024\/04\/EA4-2024-4-3-CVE.signed-1.txt\" target=\"_blank\" rel=\"noopener\">https:\/\/news.cpanel.com\/wp-content\/uploads\/2024\/04\/EA4-2024-4-3-CVE.signed-1.txt<\/a><\/p>\n<p>Information about all releases this year can be found in the&nbsp;<a href=\"https:\/\/docs.cpanel.net\/changelogs\/easyapache-4-change-log-2024\/\" target=\"_blank\" rel=\"noopener\">2024 EasyApache 4 Changelog&nbsp;<\/a>and&nbsp;the&nbsp;<a href=\"https:\/\/docs.cpanel.net\/ea4\/information\/easyapache-4-release-notes\/\" target=\"_blank\" rel=\"noopener\">EasyApache 4 Release Notes<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>cPanel, L.L.C. has released an update for&nbsp;EasyApache 4!&nbsp; Take a look at some highlights below, and then join us on&nbsp;the&nbsp;cPanel Community Forums,&nbsp;Discord,&nbsp;or&nbsp;Reddit&nbsp;to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels. 
ea-apache24 EA-12070: Update ea-apache2 from v2.4.58 to v2.4.59 low: Apache &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[25],"tags":[],"class_list":["post-56157","post","type-post","status-publish","format-standard","hentry","category-cpanel-news"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/56157","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=56157"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/56157\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=56157"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=56157"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=56157"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}