-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 SUMMARY cPanel, L.L.C. has updated RPMs for EasyApache 4 with Apache version 2.4.38. This release addresses vulnerabilities related to CVE-2019-0190, CVE-2018-17199, and CVE-2018-17189. We strongly encourage all Apache users to update to version 2.4.38. AFFECTED VERSIONS All versions of Apache through Apache 2.4.37 SECURITY RATING The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs: CVE-2019-0190 - MEDIUM Apache 2.4.38 Fixed bug in mod_ssl module related to CVE-2019-0190 CVE-2018-17199 - MEDIUM Apache 2.4.38 Fixed bug in mod_session module related to CVE-2018-17199 CVE-2018-17189 - MEDIUM Apache 2.4.38 Fixed bug in mod_http2 module related to CVE-2018-17189 SOLUTION cPanel, L.L.C. has released updated RPMs for EasyApache 4 on January 30, 2019, with Apache version 2.4.38. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM's Run System Update interface. REFERENCES https://nvd.nist.gov/vuln/detail/CVE-2019-0190 https://nvd.nist.gov/vuln/detail/CVE-2018-17199 https://nvd.nist.gov/vuln/detail/CVE-2018-17189 http://www.apache.org/dist/httpd/CHANGES_2.4 -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAlxR1ZMACgkQlSG+3KvZ Td/u9A/8CLVL/ZGxI9/XbuVJ5W6j+ojwtISvhu+f0bBHMiFf0aeC1hLDoUjvSoMq GOEOYpkYmhs4YWl+PREPFttZ996zRwqzlxuT94sMULpyDlXZNZouqeOVFoOe5nGe VOSXdt6gBlc8JJgnrLEptkQBQhWptRxmQi4mSpzZ/ygyPGGlyhIkY8nYBAUGR8+b c3OGy32NRAuFxj3qo3xZqGhd37tvoZVBLWTfVpS/GNekydOgtIrkoRTrWLtntmjf DJQ/7eeqyUgLHnuMsThSZUTfRN1XEZ7Pngdhv59BCqPuabrzYt4CnATa/cbkZQN1 YMUprSTGV20F+UflHOGTRZxrOxd0VZ/RpjICDN2KNnNIJSd3biS/mZUe6LMiE5BO Da5gHpfNXmjmWJvAETb3sm55hZWIdDqNAuj3VzbQtio4mtb/11bOU5vxTle5eWzv KhyG8GRd9SHHL/AADMvOoBu+sGOmyyBCfWyGY47RuEuqQFo3qOds8kjLn+WMysWb qDx+KtePi7AnNus3d/8VQ0YHBHmlBfgxEABvnP4fpA7+i0XVwcLqfdTeVtULhBlF ganDB45q2ujmGfrN8+j9vAlb+RzG96oIjKfnplX2JAPt+7oqVgNHBjnoHfEOiq3v SMBnuypU0HWK6vg/JHz/XLRkE97JI2dUYmo9GzR+I23K33QuLc8= =q9f8 -----END PGP SIGNATURE-----