-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with OpenSSL version 1.0.2q on December 5, 2018. This release addresses vulnerabilities related to CVE-2018-5407 and CVE-2018-0734. We strongly encourage all OpenSSL users to update to version 1.0.2q.
 
 
AFFECTED VERSIONS
All versions of OpenSSL through OpenSSL 1.0.2p

 
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
 

CVE-2018-5407 - MEDIUM
OpenSSL 1.0.2q
Fixed bug related to CVE-2018-5407

CVE-2018-0734 - MEDIUM
OpenSSL 1.0.2q
Fixed bug related to CVE-2018-0734


SOLUTION
cPanel, L.L.C. has released updated RPMs for EasyApache 4 on December 5, 2018, with OpenSSL version 1.0.2q. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM's Run System Update interface.


REFERENCES
https://nvd.nist.gov/vuln/detail/CVE-2018-0734
https://nvd.nist.gov/vuln/detail/CVE-2018-5407
https://www.openssl.org/news/cl102.txt









-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIzBAEBCgAdFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAlwH5eoACgkQlSG+3KvZ
Td/CGhAAgDsHLUN5Oosfuu2YmY9BGqTEXvPo+7t9/owpF+Mr5gXaDathS3oG0vmy
70OcePDj4xxexP1a7+jIxy6k0thDNnZl0UyD7rbud1zm/IJ7sKCxpmevm6kdJVVu
CXo0KOQdAax6HKMAPqHWtZsC+nDLq2p90jEzbgxDyEU+uYFOSahD17KlVpizeszL
kgSFVG5Dzg9cbyw4EMj5o/41CJXq3SLDgxwFSOBmEgpFiRlnb0wKhH+b7+1rIHke
yKDtA2G6VQ/I/B+j0nlHnqpmEx4x5Kv+6KwawfvNQ5p4Bf/fN9Z41/OOeMz27EY0
6vgwtSxCcZ0rM+NA5te2txm4HZx/5WpoiCEYZanh60CLCRNRkH/2GqTEsbw3yWxX
aBb8NHfweVjWI/nS2GABTNMTqqqOIoDttyDVboMCDSG8ZcmQuK5z3LedNlTUXkXg
a9lAMIfZo6CFPyM3Udfx0A8k7h8dG9KUeUBjeH77O+vxcz1hTNJ0pkeifVmduYCF
J4MInqIIKH3TbdOppQJgdnQCp4E4pfcJjo0urm2EFUCU8XyURwr8hIDliZlffIKE
6sUpQmc5RwMc837vI6TC1Vf9mvGfN9ixrLpyshkXpQAkZglp4hNWHTNOxowF+8Mz
nYdmo436IPyH+WajyaDpvfWbA65htljO3YquK2joCVPVgVmxWZw=
=04wZ
-----END PGP SIGNATURE-----