-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 SUMMARY cPanel, L.L.C. has updated RPMs for EasyApache 4 with cURL version 7.62.0. This release addresses vulnerabilities related to CVE-2018-16839, CVE-2018-16840, and CVE-2018-16842. We strongly encourage all cURL users to update to version 7.62.0. AFFECTED VERSIONS All versions of cURL through cURL 7.61.0 SECURITY RATING The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs: CVE-2018-16839 - MEDIUM cURL 7.62.0 Fixed bug related to CVE-2018-16839 CVE-2018-16840 - MEDIUM cURL 7.62.0 Fixed bug related to CVE-2018-16840 CVE-2018-16842 - MEDIUM cURL 7.62.0 Fixed bug related to CVE-2018-16842 SOLUTION cPanel, L.L.C. has released updated RPMs for EasyApache 4 on November 7, 2018, with cURL version 7.62.0. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM's Run System Update interface. REFERENCES https://nvd.nist.gov/vuln/detail/CVE-2018-16839 https://nvd.nist.gov/vuln/detail/CVE-2018-16840 https://nvd.nist.gov/vuln/detail/CVE-2018-16842 https://curl.haxx.se/changes.html -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQJIBAEBCgAyFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAlvjSr8UHHNlY3VyaXR5 QGNwYW5lbC5uZXQACgkQlSG+3KvZTd/vbQ/+IfNKeoI+Pp65ucYXaSChvmqGSEfr hTr5owImyydMf9GGR7R69pyV9aH2d0aUeXD4nM9QD7yyQtaD9jCkTXyGnEd3As2Q oqdAegtBSCdsaK2S61HzUM3FCUO1+QfypDcbMyBZywonV1tsttdRJzZ3qJKB/02M xXggC8+UWuhlr/TDQTEZRjPwEMA87mSuF6UamZz4BY3FyFq20WJBofiF0/yoeXcY Gg3XllGo1w1wpQjdRxJI4k1fwvnb2DmISUow3ubUdwSUs3URdNkHR4csdJA+oJrz paxR9Jx6RKiaI3m4UbWIwn5SEbLyEvEKbkuuCV8p1Sy5JDNjK5pGedJY/ADeB60q HuXTP5zh5XOBq9W9YK7E6DztxvrajBO11rKlVY7PUY60TGLq7WkujG7I8ghDSu4l 1ozH4whRd+57y0VunWvCcCCcFWs9Ncc59XwhRRUMuRwIEgaoLG5QgwQywUwfDNci uscEiFlUMF0QtztgYBvmZMPqS7odg+YotwH1CApRdRxF1IhN50PJtrphCDXBT0PG yFik4GiuUz0frV9iO+f6cstWgJfJvjSR3UEf27dy9FjJgYzQ4Gb5c2TqYVZSuN1d lWmy0FcQth1QMrIJQ/Bb5IphVVvCyVLhJ9DbFlsrNRPqssVMNup7bFQzGZr1MIHF cJDuwXuCY5ymxag= =kY0O -----END PGP SIGNATURE-----