SUMMARY
cPanel, Inc. has released updated RPMs for EasyApache 4 on December 5, 2017, with cURL 7.57.0 and a patch for APR 1.5.2. This release addresses vulnerabilities related to CVE-2017-8816, CVE-2017-8817, CVE-2017-8818, and CVE-2017-12613. We strongly encourage all cURL users to upgrade to version 7.57.0 and all APR users to apply the patch.<\/p>\n
AFFECTED VERSIONS
All versions of cURL through 7.56.1
All versions of APR through 1.5.2<\/p>\n
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:<\/p>\n
CVE-2017-8816 \u2013 MEDIUM
cURL 7.56.1
Fix buffer overrun flaw related to CVE-2017-8816<\/p>\n
CVE-2017-8817 \u2013 MEDIUM
cURL 7.56.1
Fix read out of bounds flaw related to CVE-2017-8817<\/p>\n
CVE-2017-8818 \u2013 MEDIUM
cURL 7.56.1
Fix read out of bounds flaw related to CVE-2017-8818<\/p>\n
CVE-2017-12613 \u2013 HIGH
APR 1.5.2
Fix out-of-bounds array deref bug related to CVE-2017-12613<\/p>\n
SOLUTION
cPanel, Inc. has released updated RPMs for EasyApache 4 on December 5, 2017, with an updated version of cURL 7.57.0 and a patch for APR 1.5.2. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM\u2019s Run System Update interface.<\/p>\n
REFERENCES
https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-8816
https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-8817
https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-8818
https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-12613
https:\/\/curl.haxx.se\/changes.html<\/p>\n