-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

SUMMARY
cPanel, Inc. has released updated RPMs for EasyApache 4 on November 7, 2017, with OpenSSL 1.0.2m. This release addresses vulnerabilities related to CVE-2017-3736 and CVE-2017-3735. We strongly encourage all OpenSSL users to upgrade to version 1.0.2m. 
 
 
AFFECTED VERSIONS
All versions of OpenSSL through 1.0.2l
 
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:


CVE-2017-3735 - LOW
OpenSSL 1.0.2m
Fix parse error in the IPAdressFamily extension related to CVE-2017-3735

CVE-2017-3736 - MEDIUM
OpenSSL 1.0.2m
Fix carry propagating bug in x86_64 Montgomery squaring procedure related to CVE-2017-3736


SOLUTION
cPanel, Inc. has released updated RPMs for EasyApache 4 on November 7, 2017, with an updated version of OpenSSL version 1.0.2m. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM's Run System Update interface.
 
REFERENCES
https://nvd.nist.gov/vuln/detail/CVE-2017-3736
https://nvd.nist.gov/vuln/detail/CVE-2017-3735
https://www.openssl.org/news/secadv/20171102.txt


-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIzBAEBCgAdFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAloCBUkACgkQlSG+3KvZ
Td/p1RAAskKcqt0z5f3SRgWhDDB1vJY0MxlAWVNbzwSF2CRizBj5YzcBvkHh3sdx
xAMgOS6izKU3dHXmJeMSlkyTUUGUC8+8dlGljLgHTi1Z4WiRQABDZDbBTsBwYNks
V6by/TSrP/Sg0lM7qbWUv/SirTIErYDtWtE6xFjCveUxqGMrcFr/WKVD7bAlvSu5
mXx/MIABTFTQoc85X5ew9bLkrmRPAYT+bIvQkMI57mJAH6hjACe82vnEPbEZaIw3
x05fJHo4MqkIXtIoAZXfQNMrUWxxqH2Gm3i2SCogicloAUjRD3LmbV6/jD71netK
T67yjNgCvnYHL8Aim7dGpxeB2WCC4XQQgUfbZa4b0SsDWq9ZFBJV3Zlaj4MI9CZX
8XQqLtqG26G8IgjZcrN6hZXZ157EmOIt+zTbMN9ogmfbqFZld9nQhiHzpx8a53oN
IfuSiWMg4dPivsWAQs4B8/q3mtU4mh323ACrWQFHW2S/vnk+viD42NrUA9s6bkN8
XT/2UnKhpX0FdEp+i0sBUr052wrBoLHfRVQBVgjCbZeNEkr5pGzjJHtKN3kgpHOO
2ZCWIC+kqsbZEGxpx+JaZAnYZ0g5juPbEB9/jzlD070aVrOt28z/eAlaw/QTaww9
22XuGR9EtngdZJPpeaFLBozpVSMmeXyO6jFZt71r/8KaaglPlFI=
=V98F
-----END PGP SIGNATURE-----