-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

SUMMARY
cPanel, Inc. has released updated RPMs for EasyApache 4 and EasyApache 3 3.34.16 on September 19, 2017, with a patched versions of Apache 2.2 and 2.4 to address the optionsbleed vulnerability related to CVE-2017-9798. We strongly encourage all Apache 2.2 and 2.4 users to upgrade their system and obtain the patch.
 

AFFECTED VERSIONS
All versions of Apache 2.4 through 2.4.27
All versions of Apache 2.2 through 2.2.34

 
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
 

CVE-2017-9798 - HIGH

Apache 2.4.27-8
Patched optionsbleed vulnerability related to CVE-2017-9798

Apache 2.2.34
Patched optionsbleed vulnerability related to CVE-2017-9798

SOLUTION
cPanel, Inc. has released EasyApache 3.34.17 with updated versions of Apache 2.2 and Apache 2.4. Unless you have disabled EasyApache updates, the EasyApache application updates to the latest version when launched. Run EasyApache to rebuild your profile with the latest version of Apache.

cPanel, Inc. has released updated RPMs for EasyApache 4 on September 19, 2017, with an updated versions of Apache 2.4. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM's Run System Update interface. 

REFERENCES
https://nvd.nist.gov/vuln/detail/CVE-2017-9798
https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJZwYXjAAoJEJUhvtyr2U3fZNoP/isxnHOrZdnwBSIO4+pE5QZL
eC0p+yJtkhvIfY0WVdSXtuXAG2NZ7zAQ2k7KJl7ZxACbAN+Z9ZchurhtSCZNscBy
fIM2F3gSM2tyuTxijEFM6A71TGovP17GWzA9BristbIdIn01A+wDjfy4z32YC7WQ
bz84dSrkZxLVANOoi7vrX55d1q/YMQs52IOiGZt3GP4dbivyfD6lqfm47aIN429S
EvnjceMz/R4giPiMNlSTGmRRMLvs5MbJXzRPX2ihtTKfiRj0R0ghgJ1syzANzOi2
XsvnF+F7D7+E80qqa+BsZiGu3ZOOubvzuf0sk3VtADZN8NxYBSwvfXRgDG+NHHav
f0JN12HLHLJhWAALUU7ugPvT87jSdSHklZpQ3V+w/CRqMHWDWqj7fQt8atB9Cjr9
vZJMzuexWkdyym77yfIZOLQ2ZfHRJxo4jW+5EeaRA5JJUFBby/w9jLGovBSe1LTL
3+EQFXXVdZoIuBH/lMoybM/yae/A2cBpqmLKXjWQdreEDVpPHnoNGx+QRGV50cZn
3+JVGWYkIyMZpqUoWbcREuroEDHuKk84XNwqp1D60J7DsiKOvj2jsWV0mexUXs1j
PeeoHz4W447zK1MuqobOANTheRfROSuciT7zYtHor4pviHN6aO4aj+ywtidIFkqL
VOEV52KV7F2vBEvHGd/z
=VT7L
-----END PGP SIGNATURE-----