EasyApache June 15 Release

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels.

ea-apache24 EA-10756: Update ea-apache2 from v2.4.53 to v2.4.54 CVE-2022-26377: mod_proxy_ajp: Possible request smuggling CVE-2022-28330: Read beyond bounds in mod_isapi CVE-2022-28614: Read beyond bounds via ap_rwrite() CVE-2022-28615: Read beyond bounds in ap_strcmp_match() CVE-2022-29404: Denial of service in mod_lua r:parsebody CVE-2022-30522: mod_sed: Denial of service CVE-2022-30556: Information Disclosure in mod_lua with websockets CVE-2022-31813: mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism ea-nodejs16 EA-10748: Update ea-nodejs16 from v16.15.0 to v16.15.1 ea-tomcat85 EA-10761: Update ea-tomcat85 from v8.5.79 to v8.5.81 ea-php74 ea-php74-meta EA-10757: Update ea-php74 from v7.4.29 to v7.4.30 mysqlnd: Fixed bug #81719: mysqlnd/pdo password buffer overflow. (CVE-2022-31626) pgsql: Fixed bug #81720: Uninitialized array in pg_query_params(). (CVE-2022-31625)  ea-php80 ea-php80-meta EA-10760: Update ea-php80 from v8.0.19 to v8.0.20 mysqlnd: Fixed bug #81719: mysqlnd/pdo password buffer overflow. (CVE-2022-31626) pgsql: Fixed bug #81720: Uninitialized array in pg_query_params(). (CVE-2022-31625) ea-php81 ea-php81-meta EA-10758: Update ea-php81 from v8.1.6 to v8.1.7 mysqlnd: Fixed bug #81719: mysqlnd/pdo password buffer overflow. (CVE-2022-31626) pgsql: Fixed bug #81720: Uninitialized array in pg_query_params(). (CVE-2022-31625)  ea-podman ZC-9993: Add script for dev/QA/smold4r to be able to test against internal docker hub ea-podman-repo ZC-10010: enable powertools on Rocky 8 ea-nginx ZC-9940: Change worker_processes default back to 1 ZC-9940: Have worker_shutdown_timeout default to 10 seconds

SUMMARY
cPanel, L.L.C. has updated packages for EasyApache 4 with PHP versions 7.4.30, 8.0.20, and 8.1.7 and Apache version 2.4.54. This release addresses vulnerabilities related to CVE-2022-26377, CVE-2022-28330, CVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-30522, CVE-2022-30556, CVE-2022-31813, CVE-2022-31626, and CVE-2022-31625. We strongly encourage all PHP 7.4 users to update to version 7.4.30, all PHP 8.0 users to update to version 8.0.20, all PHP 8.1 users to update to version 8.1.7, and all Apache users to update to version 2.4.54.

AFFECTED VERSIONS
All versions of PHP 7.4 through 7.4.29.
All versions of PHP 8.0 through 8.0.19.
All versions of PHP 8.1 through 8.1.6.
All versions of Apache through 2.4.53.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2022-26377 – MEDIUM
Apache 2.4.54
Fixed vulnerability in the mod_proxy_ajp module related to CVE-2022-26377.

CVE-2022-28330 – MEDIUM
Apache 2.4.54
Fixed vulnerability in the mod_isapi module related to CVE-2022-28330.

CVE-2022-28614 – MEDIUM
Apache 2.4.54
Fixed vulnerability related to CVE-2022-28614.

CVE-2022-28615 – MEDIUM
Apache 2.4.54
Fixed vulnerability related to CVE-2022-28615.

CVE-2022-29404 – MEDIUM
Apache 2.4.54
Fixed vulnerability in the mod_lua module related to CVE-2022-29404.

CVE-2022-30522 – MEDIUM
Apache 2.4.54
Fixed vulnerability in the mod_sed module related to CVE-2022-30522.

CVE-2022-30556 – MEDIUM
Apache 2.4.54
Fixed vulnerability in the mod_lua module related to CVE-2022-30556.

CVE-2022-31813 – MEDIUM
Apache 2.4.54
Fixed vulnerability in the mod_proxy module related to CVE-2022-31813.

CVE-2022-31626 – MEDIUM
PHP 7.4.30

EA4-2022-6-15-CVE.signedDownload

More Information

Information about all releases this year can be found in the 2022 EasyApache 4 Changelog and the EasyApache 4 Release Notes. You can also sign up for our EasyApache Development and EasyApache Production mailing lists to see when updates are pushed for our RPMs, letting you know ahead of time what will be updated in each EasyApache release.

Original author: Rhoda Arnes

Copyright

© Cpanel

Everything You Need to Know About Social Media Bra...
Canva Uses This Marketing Strategy To Attract Over...
 

By accepting you will be accessing a service provided by a third-party external to https://divethewebcreations.biz/

Advertisement