EasyApache 4 2018-11-07 Security Release


SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with cURL version 7.62.0. This release addresses vulnerabilities related to CVE-2018-16839, CVE-2018-16840, and CVE-2018-16842. We strongly encourage all cURL users to update to version 7.62.0.

AFFECTED VERSIONS
All versions of cURL through cURL 7.61.0

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2018-16839 – MEDIUM
cURL 7.62.0
Fixed bug related to CVE-2018-16839

CVE-2018-16840 – MEDIUM
cURL 7.62.0
Fixed bug related to CVE-2018-16840

CVE-2018-16842 – MEDIUM
cURL 7.62.0
Fixed bug related to CVE-2018-16842

SOLUTION
cPanel, L.L.C. has released updated RPMs for EasyApache 4 on November 7, 2018, with cURL version 7.62.0. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM’s Run System Update interface.

REFERENCES
https://nvd.nist.gov/vuln/detail/CVE-2018-16839
https://nvd.nist.gov/vuln/detail/CVE-2018-16840
https://nvd.nist.gov/vuln/detail/CVE-2018-16842
https://curl.haxx.se/changes.html

For the PGP-signed message, please see EA 2018-11-7 signed.
