EasyApache 2018-01-25 Security Release
SUMMARY
cPanel, Inc. has updated RPMs for EasyApache 4 with cURL version 7.58.0 on January 25, 2018. This release addresses vulnerabilities related to CVE-2018-1000007. We strongly encourage cURL users to upgrade to version 7.58.0.
AFFECTED VERSIONS
All versions of cURL through 7.57.0
سرور شما نیاز به مدیریت و پشتیبانی دارد؟h3>
پیکربندی، مانیتورینگ و نگهداری حرفهای سرورهای لینوکسی و ویندوزی.
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
CVE-2018-1000007 – MEDIUM
cURL 7.58.0
Fixed bug in authorization: headers related to CVE-2018-1000007
SOLUTION
cPanel, Inc. has released updated RPMs for EasyApache 4 on January 25, 2018, with a updated versions of cURL 7.58.0. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM’s Run System Update interface.
REFERENCES
https://nvd.nist.gov/vuln/detail/CVE-2018-1000007
https://curl.haxx.se/changes.html
https://curl.haxx.se/docs/adv_2018-b3bf.html
For the PGP-signed message, please see EA4 2018-1-25 CVE