cPanel, Inc. has released updated RPMs for EasyApache 4 on October 16, 2017, with a patch for Passenger. We strongly encourage all Passenger users to update their system to obtain the patch.
All versions of Passenger
This update patches a vulnerability where a user can list the contents of arbitrary files on the system when Passenger runs as the root user.
cPanel, Inc. has released updated RPMs for EasyApache 4 on October 16, 2017, with a patch for Passenger. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM’s Run System Update interface.
For the PGP Signed message, please see EA4 2017-10-16 Sec Adv