SUMMARY
cPanel, L.L.C. has updated packages for EasyApache 4 with PHP version 7.4.33 and ea-nodejs16 version 16.18.1. This release addresses vulnerabilities related to CVE-2022-31630, CVE-2022-37454, and CVE-2022-43548. We strongly encourage all PHP 7.4 users to update to version 7.4.33 and all ea-nodejs16 users to update to version 16.18.1.
AFFECTED VERSIONS
All versions of PHP 7.4 through 7.4.32.
All versions of ea-nodejs16 through 16.18.0.
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
CVE-2022-31630 - HIGH
PHP 7.4.33
Fixed vulnerability related to CVE-2022-31630.
CVE-2022-37454 - CRITICAL
PHP 7.4.33
Fixed vulnerability related to CVE-2022-37454.
CVE-2022-43548 - MEDIUM
Ea-nodejs16 16.18.1
Fixed vulnerability related to CVE-2022-43548
SOLUTION
cPanel, L.L.C. has released updated packages for EasyApache 4 on November 9, 2022, with PHP version 7.4.33 and ea-nodejs16 version 16.18.1. Unless you have enabled automatic package updates in your cron, update your system with either your package manager or WHM's Run System Update interface.
REFERENCES
www.php.net
github.com
cPanel, L.L.C. has updated packages for EasyApache 4 with PHP version 7.4.33 and ea-nodejs16 version 16.18.1. This release addresses vulnerabilities related to CVE-2022-31630, CVE-2022-37454, and CVE-2022-43548. We strongly encourage all PHP 7.4 users to update to version 7.4.33 and all ea-nodejs16 users to update to version 16.18.1.
AFFECTED VERSIONS
All versions of PHP 7.4 through 7.4.32.
All versions of ea-nodejs16 through 16.18.0.
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
CVE-2022-31630 - HIGH
PHP 7.4.33
Fixed vulnerability related to CVE-2022-31630.
CVE-2022-37454 - CRITICAL
PHP 7.4.33
Fixed vulnerability related to CVE-2022-37454.
CVE-2022-43548 - MEDIUM
Ea-nodejs16 16.18.1
Fixed vulnerability related to CVE-2022-43548
SOLUTION
cPanel, L.L.C. has released updated packages for EasyApache 4 on November 9, 2022, with PHP version 7.4.33 and ea-nodejs16 version 16.18.1. Unless you have enabled automatic package updates in your cron, update your system with either your package manager or WHM's Run System Update interface.
REFERENCES
PHP: PHP 7 ChangeLog
www.php.net
node/CHANGELOG_V16.md at main · nodejs/node
Node.js JavaScript runtime :sparkles::turtle::rocket::sparkles: - node/CHANGELOG_V16.md at main · nodejs/node
github.com
