-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with Ruby version 2.4.5. This release addresses vulnerabilities related to CVE-2018-16396 and CVE-2018-16395. We strongly encourage all Ruby users to update to version 2.4.5.
 
AFFECTED VERSIONS
All versions of Ruby through Ruby 2.4.4

 
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
 

CVE-2018-16395 - CRITICAL
Ruby 2.4.5
Fixed bug related to CVE-2018-16839

CVE-2018-16396 - HIGH
Ruby 2.4.5
Fixed bug related to CVE-2018-16840


SOLUTION
cPanel, L.L.C. has released updated RPMs for EasyApache 4 on January 9, 2019, with Ruby version 2.4.5. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM's Run System Update interface.


REFERENCES
https://nvd.nist.gov/vuln/detail/CVE-2018-16395
https://nvd.nist.gov/vuln/detail/CVE-2018-16396
https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAlw2HGAACgkQlSG+3KvZ
Td+wXhAAr50Js2od3bFGj1QFMg06TApM8ACCQcv6/oAcWnHjHbDFVxezQkOKttTv
I8l893gWiwknPHiTXimKM91pWgqEuY6NFdQmLlpsnzLgFJke9Axx4WN4aI4DdUht
71XP5RXfE/D+8JUvduDGk/SWvbvTDjwnUO+CDfUDDyOY72N/kknvO7NyVJd4f6vj
MDEbx5hwTMxY7nuUuO2gs4PrIrSmR2cBpAT1plBfTUbPbi28uSnoY4S3ndPf+NHG
49TPnyLlkX/ZFGkV1xJ/OeTT4pUZsWDvckUtiJi9BTIZprYoU7ruluHEJfvKfCB7
6zsu0GZtcc37bs8bJoMrYYcsKAWY33ecyk5yYGiqy/k9dBv/81MGQ8gbleljPNS3
yHRal29/eSLFV1crznm4az7A5atM7VoJsnk7g7u1pjomEYdrRVQBq6lxVjmrneeC
/RUQH9DJQ66P4Ci+VtLzC/et1uwL/k57+1rgsAtmlC+u9o6TFrM6BfOeumWb0zQC
slUZPxPkuMwQ8XBcbILY78UtI04gtgs3ESuRFBUDSbgnVIS3PSzeaekB44etDVnR
Cb+5PQK3Ikjczs9Y7krsUR5iMjXVzF7ZP3GVkuU66n6OAX4TROV6AvdXE/qPKTAc
PaZYlf17OHGCCjx7CgI+IXihX8uGYB2XJbdhsUQqOlb/gk1tSaA=
=eLAL
-----END PGP SIGNATURE-----