{"id":2215,"date":"2017-12-24T12:02:53","date_gmt":"2017-12-24T09:02:53","guid":{"rendered":"http:\/\/news.cpanel.com\/?p=54305"},"modified":"2017-12-24T12:02:53","modified_gmt":"2017-12-24T09:02:53","slug":"easyapache-2017-11-07-security-release","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/easyapache-2017-11-07-security-release\/","title":{"rendered":"EasyApache 2017-11-07 Security Release"},"content":{"rendered":"<p>SUMMARY<br \/>cPanel, Inc. has released updated RPMs for EasyApache 4 on November 7, 2017, with OpenSSL 1.0.2m. This release addresses vulnerabilities related to CVE-2017-3736 and CVE-2017-3735. We strongly encourage all OpenSSL users to upgrade to version 1.0.2m.<\/p>\n<p>AFFECTED VERSIONS<br \/>All versions of OpenSSL through 1.0.2l<\/p>\n<p>SECURITY RATING<br \/>The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:<\/p>\n<p>CVE-2017-3735 \u2013 LOW<br \/>OpenSSL 1.0.2m<br \/>Fix parse error in the IPAdressFamily extension related to CVE-2017-3735<\/p>\n<p>CVE-2017-3736 \u2013 MEDIUM<br \/>OpenSSL 1.0.2m<br \/>Fix carry propagating bug in x86_64 Montgomery squaring procedure related to CVE-2017-3736<\/p>\n<p>SOLUTION<br \/>cPanel, Inc. has released updated RPMs for EasyApache 4 on November 7, 2017, with an updated version of OpenSSL version 1.0.2m. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM\u2019s Run System Update interface.<\/p>\n<p>REFERENCES<br \/>https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-3736<br \/>https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-3735<br \/>https:\/\/www.openssl.org\/news\/secadv\/20171102.txt<\/p>\n<p>For the PGP signed message, please see <a href=\"http:\/\/news.cpanel.com\/wp-content\/uploads\/2017\/11\/EA4-2017-11-7-CV.txt\" target=\"_blank\" rel=\"noopener\">EA4 2017-11-7 CVE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>SUMMARYcPanel, Inc. has released updated RPMs for EasyApache 4 on November 7, 2017, with OpenSSL 1.0.2m. This release addresses vulnerabilities related to CVE-2017-3736 and CVE-2017-3735. We strongly encourage all OpenSSL users to upgrade to version 1.0.2m. AFFECTED VERSIONSAll versions of OpenSSL through 1.0.2l SECURITY RATINGThe National Vulnerability Database (NIST) has given the following severity ratings &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[25],"tags":[],"class_list":["post-2215","post","type-post","status-publish","format-standard","hentry","category-cpanel-news"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/2215","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=2215"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/2215\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=2215"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=2215"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=2215"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}