SUMMARY

cPanel, Inc. has released updated RPMs for EasyApache 4 on July 18, 2017, with Apache version 2.4.27. This release addresses vulnerabilities related to CVE-2017-7679, CVE-2017-7668, CVE-2017-7659, CVE-2017-3169, and CVE-2017-3167. We strongly encourage all Apache 2.4 users to upgrade to version 2.4.27.

AFFECTED VERSIONS

All versions of Apache 2.4 through version 2.4.25

SECURITY RATING

The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2017-7679 - HIGH

Apache 2.4.27
Fixed bug in mod_mime related to CVE-2017-7679

CVE-2017-7668 - HIGH

Apache 2.4.27
Fixed bug in HTTP strict parsing related to CVE-2017-7668

CVE-2017-7659 - MEDIUM

Apache 2.4.27
Fixed bug in mod_http2 related to CVE-2017-7659

CVE-2017-3169 - HIGH

Apache 2.4.27
Fixed bug in mod_ssl related to CVE-2017-3169

CVE-2017-3167 - HIGH

Apache 2.4.27
Fixed bug in ap_get_basic_auth_pw() related to CVE-2017-3167

SOLUTION

cPanel, Inc. has released updated RPMs for EasyApache 4 on July 18, 2017, with an updated version of Apache 2.4.27. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM's Run System Update interface.

REFERENCES

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7679
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7668
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7659
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3169
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3167
http://www.apache.org/dist/httpd/CHANGES_2.4

SUMMARY

cPanel, Inc. has released EasyApache 3.34.15 with Apache versions 2.2.34 and 2.4.27. This release addresses vulnerabilities related to CVE-2017-7679, CVE-2017-7668, CVE-2017-7659, CVE-2017-3169, and CVE-2017-3167. We strongly encourage all Apache 2.2 users to upgrade to version 2.2.34 and all Apache 2.4 users to upgrade to version 2.4.27.

AFFECTED VERSIONS

All versions of Apache 2.2 through 2.2.32
All versions of Apache 2.4 through 2.4.25

SECURITY RATING

The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2017-7679 - HIGH

Apache 2.2.34
Fixed bug in mod_mime related to CVE-2017-7679

Apache 2.4.27
Fixed bug in mod_mime related to CVE-2017-7679

CVE-2017-7668 - HIGH

Apache 2.2.34
Fixed bug in HTTP strict parsing related to CVE-2017-7668

Apache 2.4.27
Fixed bug in HTTP strict parsing related to CVE-2017-7668

CVE-2017-7659 - MEDIUM

Apache 2.4.27
Fixed bug in mod_http2 related to CVE-2017-7659

CVE-2017-3169 - HIGH

Apache 2.2.34
Fixed bug in mod_ssl related to CVE-2017-3169

Apache 2.4.27
Fixed bug in mod_ssl related to CVE-2017-3169

CVE-2017-3167 - HIGH

Apache 2.2.34
Fixed bug in ap_get_basic_auth_pw() related to CVE-2017-3167

Apache 2.4.27
Fixed bug in ap_get_basic_auth_pw() related to CVE-2017-3167

SOLUTION

cPanel, Inc. has released EasyApache 3.34.15 with updated versions of Apache 2.2.34 and Apache 2.4.27. Unless you have disabled EasyApache updates, the EasyApache application updates to the latest version when launched. Run EasyApache to rebuild your profile with the latest version of Apache.

REFERENCES

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7679
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7668
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7659
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3169
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3167
http://www.apache.org/dist/httpd/CHANGES_2.2
http://www.apache.org/dist/httpd/CHANGES_2.4
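
To confirm that the update described under SOLUTION took effect, the version banner printed by httpd -v can be compared with the fixed releases named above (2.2.34 and 2.4.27). The script below is an added example, not part of the cPanel advisory; its function names and sample banners are constructed for illustration, and it compares upstream version numbers only.

```shell
#!/bin/sh
# Added example (not from the advisory): classify an Apache version against
# the fixed releases this advisory names: 2.2.34 (2.2 branch), 2.4.27 (2.4 branch).

# Pull "X.Y.Z" out of `httpd -v` style text; prints nothing if no banner is found.
apache_version() {
    printf '%s\n' "$1" |
        sed -n 's|.*Apache/\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*|\1|p' |
        head -n 1
}

# Print "patched", "needs-update" or "unknown" for a three-part version string.
apache_patch_status() {
    branch=${1%.*}      # e.g. 2.4
    patch=${1##*.}      # e.g. 25
    case $branch in
        2.2) fixed=34 ;;
        2.4) fixed=27 ;;
        *)   echo unknown; return 0 ;;   # branch not covered by this advisory
    esac
    case $patch in
        ''|*[!0-9]*) echo unknown; return 0 ;;   # malformed patch level
    esac
    if [ "$patch" -ge "$fixed" ]; then echo patched; else echo needs-update; fi
}

# Combine both steps for one block of `httpd -v` output.
check_httpd_output() {
    v=$(apache_version "$1")
    if [ -z "$v" ]; then echo unknown; return 0; fi
    echo "$v $(apache_patch_status "$v")"
}

# Constructed sample banners, so the script runs without a local httpd.
SAMPLE_BEFORE='Server version: Apache/2.4.25 (constructed sample)
Server built:   (constructed sample)'
SAMPLE_AFTER='Server version: Apache/2.4.27 (constructed sample)'

check_httpd_output "$SAMPLE_BEFORE"
check_httpd_output "$SAMPLE_AFTER"
```

On a live server, pass the real banner instead of the samples: check_httpd_output "$(httpd -v)".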