{"id":58127,"date":"2024-07-10T22:17:16","date_gmt":"2024-07-10T19:17:16","guid":{"rendered":"https:\/\/news.cpanel.com\/?p=63081"},"modified":"2024-07-10T22:17:16","modified_gmt":"2024-07-10T19:17:16","slug":"easyapache4-2024-07-10-maintenance-and-security-release","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/easyapache4-2024-07-10-maintenance-and-security-release\/","title":{"rendered":"EasyApache4 2024-07-10 Maintenance and Security Release"},"content":{"rendered":"<p>cPanel, L.L.C. has released an update for&nbsp;<a href=\"https:\/\/docs.cpanel.net\/ea4\/basics\/introduction-to-easyapache-4\/\" target=\"_blank\" rel=\"noopener\">EasyApache 4!<\/a>&nbsp; Take a look at some highlights below, and then join us on&nbsp;the&nbsp;<a href=\"https:\/\/forums.cpanel.net\/forums\/cpanel-announcements.133\/\" target=\"_blank\" rel=\"noopener\">cPanel Community Forums<\/a>,&nbsp;<a href=\"https:\/\/go.cpanel.net\/discord\" target=\"_blank\" rel=\"noopener\">Discord<\/a>,&nbsp;or&nbsp;<a href=\"https:\/\/reddit.com\/r\/cpanel\/\" target=\"_blank\" rel=\"noopener\">Reddit<\/a>&nbsp;to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels.<\/p>\n<ul>\n<li><strong>ea-nodejs18<\/strong>\n<ul>\n<li>EA-12274: Update ea-nodejs18 from v18.20.3 to v18.20.4<br \/>\u2013 CVE-2024-36138 \u2013 Bypass incomplete fix of CVE-2024-27980 (High)<br \/>\u2013 CVE-2024-22020 \u2013 Bypass network import restriction via data URL (Medium)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li><strong>ea-nodejs20<\/strong>\n<ul>\n<li>EA-12264: Update ea-nodejs20 from v20.15.0 to v20.15.1<br \/>\u2013 CVE-2024-36138 \u2013 Bypass incomplete fix of CVE-2024-27980 (High)<br \/>\u2013 CVE-2024-22020 \u2013 Bypass network import restriction via data URL (Medium)<br \/>\u2013 CVE-2024-22018 \u2013 fs.lstat bypasses permission model (Low)<br \/>\u2013 CVE-2024-36137 \u2013 fs.fchown\/fchmod bypasses permission model (Low)<br \/>\u2013 CVE-2024-37372 \u2013 Permission model improperly processes UNC paths (Low)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li><strong>ea-nodejs22<\/strong>\n<ul>\n<li>EA-12265: Update ea-nodejs22 from v22.3.0 to v22.4.1<br \/>\u2013 CVE-2024-36138 \u2013 Bypass incomplete fix of CVE-2024-27980 (High)<br \/>\u2013 CVE-2024-22020 \u2013 Bypass network import restriction via data URL (Medium)<br \/>\u2013 CVE-2024-22018 \u2013 fs.lstat bypasses permission model (Low)<br \/>\u2013 CVE-2024-36137 \u2013 fs.fchown\/fchmod bypasses permission model (Low)<br \/>\u2013 CVE-2024-37372 \u2013 Permission model improperly processes UNC paths (Low)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li><strong>ea-apache24<\/strong>\n<ul>\n<li>EA-12261: Update ea-apache2 from v2.4.59 to v2.4.61<br \/>\u2013 important: Apache HTTP Server: source code disclosure with handlers configured via AddType (CVE-2024-39884)<br \/>\u2013 low: Apache HTTP Server: DoS by Null pointer in websocket over HTTP\/2 (CVE-2024-36387)<br \/>\u2013 important: Apache HTTP Server on WIndows UNC SSRF (CVE-2024-38472)<br \/>\u2013 moderate: Apache HTTP Server proxy encoding problem (CVE-2024-38473)<br \/>\u2013 important: Apache HTTP Server weakness with encoded question marks in backreferences (CVE-2024-38474)<br \/>\u2013 important: Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path. (CVE-2024-38475)<br \/>\u2013 important: Apache HTTP Server may use exploitable\/malicious backend application output to run local handlers via internal redirect (CVE-2024-38476)<br \/>\u2013 important: Apache HTTP Server: Crash resulting in Denial of Service in mod_proxy via a malicious request (CVE-2024-38477)<br \/>\u2013 moderate: Apache HTTP Server: mod_rewrite proxy handler substitution (CVE-2024-39573)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li><strong>ea-openssl11<\/strong>\n<ul>\n<li>EA-12205: Patch ea-openssl11 for CVE-2024-4741<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><strong>SOLUTION<br \/><\/strong>cPanel, L.L.C. has released updated packages for EasyApache 4 on July 10, 2024. Unless you have enabled automatic package updates in your cron, update your system with either your package manager or WHM\u2019s Run System Update interface.<\/p>\n<p>Information about all releases this year can be found in the&nbsp;<a href=\"https:\/\/docs.cpanel.net\/changelogs\/easyapache-4-change-log-2024\/\" target=\"_blank\" rel=\"noopener\">2024 EasyApache 4 Changelog&nbsp;<\/a>and&nbsp;the&nbsp;<a href=\"https:\/\/docs.cpanel.net\/ea4\/information\/easyapache-4-release-notes\/\" target=\"_blank\" rel=\"noopener\">EasyApache 4 Release Notes<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>cPanel, L.L.C. has released an update for&nbsp;EasyApache 4!&nbsp; Take a look at some highlights below, and then join us on&nbsp;the&nbsp;cPanel Community Forums,&nbsp;Discord,&nbsp;or&nbsp;Reddit&nbsp;to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels. ea-nodejs18 EA-12274: Update ea-nodejs18 from v18.20.3 to v18.20.4\u2013 CVE-2024-36138 \u2013 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[25],"tags":[],"class_list":["post-58127","post","type-post","status-publish","format-standard","hentry","category-cpanel-news"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/58127","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=58127"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/58127\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=58127"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=58127"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=58127"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}