We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels.

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated packages for EasyApache 4 with OpenSSL version 1.1.1p. This release addresses vulnerabilities related to CVE-2022-2068. We strongly encourage all OpenSSL users to update to version 1.1.1p.

AFFECTED VERSIONS
All versions of OpenSSL through 1.1.1o.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels.

SUMMARY
cPanel, L.L.C. has updated packages for EasyApache 4 with PHP versions 7.4.30, 8.0.20, and 8.1.7 and Apache version 2.4.54. This release addresses vulnerabilities related to CVE-2022-26377, CVE-2022-28330, CVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-30522, CVE-2022-30556, CVE-2022-31813, CVE-2022-31626, and CVE-2022-31625. We strongly encourage all PHP 7.4 users to update to version 7.4.30, all PHP 8.0 users to update to version 8.0.20, all PHP 8.1 users to update to version 8.1.7, and all Apache users to update to version 2.4.54.

AFFECTED VERSIONS
All versions of PHP 7.4 through 7.4.29.
All versions of PHP 8.0 through 8.0.19.
All versions of PHP 8.1 through 8.1.6.
All versions of Apache through 2.4.53.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2022-26377 – MEDIUM
Apache 2.4.54
Fixed vulnerability in the mod_proxy_ajp module related to CVE-2022-26377.

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.
SEC-629

Summary

Respect the “no_create” parameter in BoxTrapper_getemaildirs.

Security Rating

cPanel has assigned this vulnerability a CVSSv3.1 score of 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated this update as having a CVSSv3.1 score of 2.2 to 8.0.

Information on cPanel’s security ratings is available at https://go.cpanel.net/securitylevels .

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

RELEASES

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels.

ea-openssl11

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated packages for EasyApache 4 with OpenSSL version 1.1.1o. This release addresses vulnerabilities related to CVE-2022-1473 and CVE-2022-1292. We strongly encourage all OpenSSL users to upgrade to version 1.1.1o.

AFFECTED VERSIONS
All versions of OpenSSL through 1.1.1n.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels.

ea-modsec2-rules-owasp-crs

ea-nginx

ea-tomcat85

ea-php80

ea-php80-meta

ea-php81

ea-php81-meta

ea-nodejs16

ea-cpanel-tools

ea-profiles-cpanel

SUMMARY
cPanel, L.L.C. has updated packages for EasyApache 4 with OpenSSL version 1.1.1n in NodeJS. This release addresses vulnerabilities related to CVE-2022-0778. We strongly encourage all NodeJS users to upgrade to version 16.14.2 and take advantage of this OpenSSL fix.

AFFECTED VERSIONS
All versions of NodeJS through 16.14.1.
All versions of OpenSSL through 1.1.1m.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2022-0778 – HIGH
OpenSSL 1.1.1n
Fixed vulnerability related to CVE-2022-0778.

We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels.

ea-openssl11

This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.

SUMMARY
cPanel, L.L.C. has updated packages for EasyApache 4 with OpenSSL version 1.1.1n. This release addresses vulnerabilities related to CVE-2022-0778. We strongly encourage all OpenSSL users to upgrade to version 1.1.1n.

AFFECTED VERSIONS
All versions of OpenSSL through 1.1.1m.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

HOUSTON, March 9, 2022 /PRNewswire/ — cPanel® L.L.C., the Hosting Platform of Choice, a WebPros® portfolio company, is expanding its collaboration with Ubuntu to provide full support for Ubuntu LTS 20.04 with cPanel & WHM version 102.

In the winter of 2020, CentOS 8 announced that it would be reaching its end-of-life in December of 2021. This news was somewhat unexpected in the open-source and web hosting worlds. In response, cPanel has been working towards providing solutions that will benefit our partners and customers and expand options as we move forward together.

Our Commitment to Growth
Aila Power, VP of Product Development, said: “Ubuntu is a solid Linux Distribution with a great track record of security and innovation. I’m really excited that cPanel & WHM are now available on this distro that is the first choice for many when they build a new application.” We provide greater Operating System (OS) diversity, more substantial stability, and increased safety for our customers and their customers. 

Our collaboration with Ubuntu will give cPanel & WHM users more open-source Linux distribution architecture options within their current infrastructure while providing a more robust business suite of solutions to help customers scale and expand their business hosting operations.

“Ubuntu has long been the platform of choice for large scale compute estates and Canonical are delighted to partner with cPanel to mitigate the impact on long term stability and predictability brought about by the changes to CentOS” shared Mark Lewis, VP of Application Services, at Canonical | Ubuntu.