{"id":12343,"date":"2019-04-04T17:07:56","date_gmt":"2019-04-04T17:07:56","guid":{"rendered":"http:\/\/news.cpanel.com\/?p=56661"},"modified":"2019-04-04T17:07:56","modified_gmt":"2019-04-04T17:07:56","slug":"easyapache-4-apr-3-release","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/easyapache-4-apr-3-release\/","title":{"rendered":"EasyApache 4 Apr 3 Release"},"content":{"rendered":"<div><img decoding=\"async\" class=\"ff-og-image-inserted\" src=\"http:\/\/news.cpanel.com\/wp-content\/uploads\/2017\/01\/og-cPnews-1.jpg\" alt=\"\" title=\"\"><\/div>\n<p><strong>Note:\u00a0This\u00a0update\u00a0includes\u00a0patches\u00a0for\u00a0the\u00a0recently\u00a0announced\u00a0Apache\u00a0vulnerabilities. For more information, please review\u00a0<\/strong><a href=\"https:\/\/httpd.apache.org\/security\/vulnerabilities_24.html#CVE-2019-0211\" target=\"_blank\" rel=\"noopener\"><strong>\u00a0CVE-2019-0211.<\/strong><\/a><\/p>\n<p>We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! This release includes a version update for ea-apache24 to 2.4.39, resolution to an issue with the installation of ea-liblsapi, and a solution for the premature stoppage of \/scripts\/ea-tomcat85. Please review the release in its entirety, then join us on\u00a0<a href=\"https:\/\/go.cpanel.net\/slack\" target=\"_blank\" rel=\"noopener\">Slack<\/a>,\u00a0<a href=\"https:\/\/go.cpanel.net\/discord\" target=\"_blank\" rel=\"noopener\">Discord<\/a>, or\u00a0<a href=\"https:\/\/reddit.com\/r\/cpanel\/\" target=\"_blank\" rel=\"noopener\">Reddit<\/a>\u00a0to talk about this update and much more<\/p>\n<h3>2019-4-3<\/h3>\n<ul>\n<li><strong>ea-apache2<\/strong>\n<ul>\n<li>EA-8307: Update Apache to 2.4.39, drop 2.4.38<\/li>\n<\/ul>\n<\/li>\n<li><strong>ea-apache2-config<\/strong>\n<ul>\n<li>EA-8305: Revert change in EA-8250<\/li>\n<\/ul>\n<\/li>\n<li><strong>ea-liblsapi<\/strong>\n<ul>\n<li>EA-8300: Cannot reinstall\u00a0<code>ea-liblsapi<\/code>\u00a0because of conflicts with\u00a0<code>liblsapi<\/code><\/li>\n<\/ul>\n<\/li>\n<li><strong>ea-tomcat85<\/strong>\n<ul>\n<li>EA-8241:\u00a0<code>\/scripts\/ea-tomcat85<\/code>\u00a0prematurely dies if\u00a0<code>fs.protected_symlinks_create<\/code>\u00a0is enabled<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>This release includes a security patch that has been issued a fix for a CVE (Common Vulnerabilities and Exposures), the details of which are included below.<\/p>\n<p><strong>SUMMARY<\/strong><br \/>\ncPanel, L.L.C. has updated RPMs for EasyApache 4 with Apache version 2.4.39. This release addresses vulnerabilities related to CVE-2019-0197, CVE-2019-0196, CVE-2019-0211, CVE-2019-0217, CVE-2019-0215, and CVE-2019-0220. We strongly encourage all Apache users to upgrade to version 2.4.39.<\/p>\n<p><strong>AFFECTED VERSIONS<\/strong><\/p>\n<p>All versions of Apache through 2.4.38<\/p>\n<p><strong>SECURITY RATING<\/strong><\/p>\n<p>The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:<\/p>\n<p>CVE-2019-0197 \u2013 MEDIUM<br \/>\nApache 2.4.39<br \/>\nFixed bug in the http2 module related to CVE-2019-0197<\/p>\n<p>CVE-2019-0196 \u2013 MEDIUM<br \/>\nApache 2.4.39<br \/>\nFixed bug in the http2 module related to CVE-2019-0196<\/p>\n<p>CVE-2019-0211 \u2013 CRITICAL<br \/>\nApache 2.4.39<br \/>\nFixed bug in Unix MPMs related to CVE-2019-0211<\/p>\n<p>CVE-2019-0217 \u2013 HIGH<br \/>\nApache 2.4.39<br \/>\nFixed bug in mod_auth_digest related to CVE-2019-0217<\/p>\n<p>CVE-2019-0215 \u2013 HIGH<br \/>\nApache 2.4.39<br \/>\nFixed bug in the SSL module related to CVE-2019-0215<\/p>\n<p>CVE-2019-0220 \u2013 MEDIUM<br \/>\nApache 2.4.39<br \/>\nFixed bug related to CVE-2019-0220<\/p>\n<p><strong>SOLUTION<\/strong><br \/>\ncPanel, L.L.C. has released updated RPMs for EasyApache 4 on April 3, 2019, with an updated version of Apache version 2.4.39. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM\u2019s Run System Update interface.<\/p>\n<p><strong>REFERENCES<\/strong><br \/>\n<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-0197\" target=\"_blank\" rel=\"noopener\">https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-0197<\/a><br \/>\n<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-0196\" target=\"_blank\" rel=\"noopener\">https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-0196<\/a><br \/>\n<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-0211\" target=\"_blank\" rel=\"noopener\">https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-0211<\/a><br \/>\n<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-0217\" target=\"_blank\" rel=\"noopener\">https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-0217<\/a><br \/>\n<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-0215\" target=\"_blank\" rel=\"noopener\">https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-0215<\/a><br \/>\n<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-0220\" target=\"_blank\" rel=\"noopener\">https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-0220<\/a><br \/>\n<a href=\"http:\/\/www.apache.org\/dist\/httpd\/CHANGES_2.4\" target=\"_blank\" rel=\"noopener\">http:\/\/www.apache.org\/dist\/httpd\/CHANGES_2.4<\/a><\/p>\n<p>For the PGP-signed message, please see <a href=\"http:\/\/news.cpanel.com\/wp-content\/uploads\/2019\/04\/EA4-2019-4-3-CVE-signed.txt\" target=\"_blank\" rel=\"noopener\">EA4-2019-4-3-CVE-signed.<\/a><\/p>\n<p><strong>More Information<\/strong><\/p>\n<p>Information about all releases this year can be found in the\u00a0<a href=\"https:\/\/documentation.cpanel.net\/display\/EA4\/EasyApache+4+Change+Log+2019\" target=\"_blank\" rel=\"noopener\">2019 EasyApache 4 Changelog<\/a>\u00a0and\u00a0the\u00a0<a href=\"https:\/\/documentation.cpanel.net\/display\/EA4\/EasyApache+4+Release+Notes\" target=\"_blank\" rel=\"noopener\">EasyApache 4 Release Notes<\/a>. To ensure that you receive up-to-date product news from cPanel, we encourage you to subscribe to the Product and Security updates\u00a0mailing list on\u00a0<a href=\"https:\/\/cpanel.net\/mailing-list\" target=\"_blank\" rel=\"noopener\">our website.<\/a>\u00a0You can also sign up for our\u00a0<a href=\"http:\/\/mail.cpanel.net\/mailman\/listinfo\/ea4development-announce_cpanel.net\" target=\"_blank\" rel=\"noopener\">EasyApache Development<\/a>\u00a0and\u00a0<a href=\"http:\/\/mail.cpanel.net\/mailman\/listinfo\/ea4production-announce_cpanel.net\" target=\"_blank\" rel=\"noopener\">EasyApache Production<\/a>\u00a0lists to see when updates are pushed for our RPMs, letting you know ahead of time what will be updated in each EasyApache release.<\/p>\n<p>\u0645\u062f\u06cc\u0631\u06cc\u062a \u0633\u0631\u0648\u0631 \u067e\u0634\u062a\u06cc\u0628\u0627\u0646\u06cc \u0648 \u0645\u0634\u0627\u0648\u0631\u0647 &#8211; \u062b\u0628\u062a \u062f\u0627\u0645\u0646\u0647<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Note:\u00a0This\u00a0update\u00a0includes\u00a0patches\u00a0for\u00a0the\u00a0recently\u00a0announced\u00a0Apache\u00a0vulnerabilities. For more information, please review\u00a0\u00a0CVE-2019-0211. We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! This release includes a version update for ea-apache24 to 2.4.39, resolution to an issue with the installation of ea-liblsapi, and a solution for the premature stoppage of \/scripts\/ea-tomcat85. Please review the release in its &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[25],"tags":[],"class_list":["post-12343","post","type-post","status-publish","format-standard","hentry","category-cpanel-news"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/12343","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=12343"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/12343\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=12343"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=12343"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=12343"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}