SUMMARY

cPanel, Inc. has released updated RPMs for EasyApache 4 on October 3, 2017, with Ruby 2.4.2. This release addresses vulnerabilities related to CVE-2017-0898, CVE-2017-10784, CVE-2017-14033, and CVE-2017-14064. We strongly encourage all Ruby users to upgrade to version 2.4.2.

AFFECTED VERSIONS

All versions of RubyGems through 2.4.1

SECURITY RATING

The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2017-0898 - HIGH

Ruby 2.4.1
Fix buffer underrun vulnerability in Kernel.sprintf related to CVE-2017-0898

CVE-2017-10784 - MEDIUM

Ruby 2.4.1
Fix escape sequence injection vulnerability related to CVE-2017-10784

CVE-2017-14033 - HIGH

Ruby 2.4.1
Fix buffer underrun vulnerability related to CVE-2017-14033

CVE-2017-14064 - HIGH

Ruby 2.4.1
Fix heap exposure when generating JSON related to CVE-2017-14064

SOLUTION

cPanel, Inc. has released updated RPMs for EasyApache 4 on October 3, 2017, with Ruby updated to version 2.4.2. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM's Run System Update interface.

REFERENCES

https://nvd.nist.gov/vuln/detail/CVE-2017-0898
https://nvd.nist.gov/vuln/detail/CVE-2017-10784
https://nvd.nist.gov/vuln/detail/CVE-2017-14033
https://nvd.nist.gov/vuln/detail/CVE-2017-14064
https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-4-2-released/
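
A post-update check for the SOLUTION step, as an added example that is not part of the cPanel advisory: it parses a `ruby -v` banner and reports whether a 2.4-series interpreter is at or above the 2.4.2 release named above. It assumes the `ruby` found on PATH is the interpreter you want to verify; the function names are illustrative.

```shell
#!/bin/sh
# Added example (not cPanel code): verify that Ruby 2.4.x is at or above
# the fixed release named in the advisory.
FIXED_VERSION="2.4.2"

# Extract "X.Y.Z" from a `ruby -v` banner of the form
# "ruby 2.4.1p111 (2017-03-22 revision 58053) [x86_64-linux]".
ruby_version_from_banner() {
    printf '%s\n' "$1" |
        sed -n 's/^ruby \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Return 0 when version $1 >= version $2. Fields are compared numerically,
# so 2.4.10 sorts above 2.4.2 (a plain string comparison would not).
version_at_least() {
    old_ifs=$IFS; IFS=.
    set -- $1 $2            # split both versions into six numeric fields
    IFS=$old_ifs
    [ "$#" -eq 6 ] || return 2
    if [ "$1" -ne "$4" ]; then [ "$1" -gt "$4" ]; return; fi
    if [ "$2" -ne "$5" ]; then [ "$2" -gt "$5" ]; return; fi
    [ "$3" -ge "$6" ]
}

# Print patched, vulnerable, out-of-scope or unknown for a banner.
# Only the 2.4 series is judged, because the advisory names only 2.4.2.
classify_ruby() {
    v=$(ruby_version_from_banner "$1")
    case $v in
        '')    echo unknown ;;
        2.4.*) if version_at_least "$v" "$FIXED_VERSION"; then
                   echo patched
               else
                   echo vulnerable
               fi ;;
        *)     echo out-of-scope ;;
    esac
}

# Assumption: `ruby` on PATH is the interpreter to check. Pass a banner
# string as the first argument to classify a saved banner instead.
banner=${1:-$(ruby -v 2>/dev/null || true)}
echo "ruby: $(classify_ruby "$banner")"
```

An "unknown" result means no banner could be parsed, for example because no `ruby` is on PATH.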