-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 *** CORRECTED for date and version number *** SUMMARY cPanel, Inc. has released updated RPMs for EasyApache 4 and EasyApache 3.34.17 on September 20, 2017, with a patched versions of Apache 2.2 and 2.4 to address the optionsbleed vulnerability related to CVE-2017-9798. We strongly encourage all Apache 2.2 and 2.4 users to upgrade their system and obtain the patch. AFFECTED VERSIONS All versions of Apache 2.4 through 2.4.27 All versions of Apache 2.2 through 2.2.34 SECURITY RATING The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs: CVE-2017-9798 - HIGH Apache 2.4.27-8 Patched optionsbleed vulnerability related to CVE-2017-9798 Apache 2.2.34 Patched optionsbleed vulnerability related to CVE-2017-9798 SOLUTION cPanel, Inc. has released EasyApache 3.34.17 with updated versions of Apache 2.2 and Apache 2.4. Unless you have disabled EasyApache updates, the EasyApache application updates to the latest version when launched. Run EasyApache to rebuild your profile with the latest version of Apache. cPanel, Inc. has released updated RPMs for EasyApache 4 on September 20, 2017, with an updated versions of Apache 2.4. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM's Run System Update interface. REFERENCES https://nvd.nist.gov/vuln/detail/CVE-2017-9798 https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.htmla -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJZwoITAAoJEJUhvtyr2U3fEfUP/33qveIKPOrkq8R11dUmgcTu kM0qnKxc3TV/APIGC2LZOJ6iRq273/YZYYhMXxdLfredFucF4uwJ+JsmTrE5MA5F SsgRQp3X53JjfqhHbubiJw5qS4W3YsL4AN6vgEqyIkgtvddNSloXS7WiM7rcbaqv tEQUYBo5xK8sW2eZ+fcb2SzJF6vgRjZC5BaahKcGDNxUZwhJ+eYc+C658hwDfzWc Ke2Nw+k4vxSkyfDj55WFkO/YbGeuwj3IBzRPbPHO3QOHbV1xwbujxK7ncha9WFl2 v+qIhNQcoa4rdLNWcRnyUGuA8U2khz1L2cdQ6rj/BnZq6E7K740D+7Yz/ciy1QPi NkPjep0GGO1scE8ix584EpdUGpRXfUKChnHilF+U6qf47j/Ywof6WZmyhesfyILS pRY4O/c/bWuILGh3+FxoCPgqFqv53oNa1rmK++cfELTrTmwuPJjJ2tEBE6/2URg8 O71A+HoMoWqfCdLRQeeOOrfx2ZtBeoSymHOfskomSE6YMNI8M47IZr+rh7cuRI5R 24/t52btPESuXMuAkbfnP3S0lOXJ6bpPd4IWDgeIk7Zvc0LOw68E8twSvlPet80U 2A3u0L1GVcLyq2jv166jWWy14MVhCbwWQsa5jKi9qjM+yXsFoRvUIMAhLIEZucVm HCteyU5//LABxpDNjFXJ =SoqL -----END PGP SIGNATURE-----