SUMMARY
cPanel, Inc. has updated RPMs for EasyApache 4 with OpenSSL version 1.0.2p on August 29, 2018. This release addresses security vulnerabilities related to CVE-2018-0732 and CVE-2018-0737. We strongly encourage all OpenSSL users to update their version of OpenSSL.
AFFECTED VERSIONS
All versions of OpenSSL through 1.0.2o
SECURITY RATING
CVE-2018-0732 – MEDIUM
Fixed bug key agreement related to CVE-2018-0732
CVE-2018-0737 – MEDIUM
Fixed vulnerability in RSA Key generation algorithm related to CVE-2018-0737
SOLUTION
cPanel, Inc. has released updated RPMs for EasyApache 4 on August 29, 2018 with OpenSSL version 1.0.2p. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM’s Run System Update interface.
REFERENCES
https://www.openssl.org/news/vulnerabilities-1.0.2.html
https://nvd.nist.gov/vuln/detail/CVE-2018-0732
https://nvd.nist.gov/vuln/detail/CVE-2018-0737
For the PGP-signed message, please see EA4 2018-8-29.signed.