-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 SUMMARY cPanel, L.L.C. has updated RPMs for EasyApache 4 with Ruby version 2.4.5. This release addresses vulnerabilities related to CVE-2018-16396 and CVE-2018-16395. We strongly encourage all Ruby users to update to version 2.4.5. AFFECTED VERSIONS All versions of Ruby through Ruby 2.4.4 SECURITY RATING The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs: CVE-2018-16395 - CRITICAL Ruby 2.4.5 Fixed bug related to CVE-2018-16839 CVE-2018-16396 - HIGH Ruby 2.4.5 Fixed bug related to CVE-2018-16840 SOLUTION cPanel, L.L.C. has released updated RPMs for EasyApache 4 on January 9, 2019, with Ruby version 2.4.5. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM's Run System Update interface. REFERENCES https://nvd.nist.gov/vuln/detail/CVE-2018-16395 https://nvd.nist.gov/vuln/detail/CVE-2018-16396 https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAlw2HGAACgkQlSG+3KvZ Td+wXhAAr50Js2od3bFGj1QFMg06TApM8ACCQcv6/oAcWnHjHbDFVxezQkOKttTv I8l893gWiwknPHiTXimKM91pWgqEuY6NFdQmLlpsnzLgFJke9Axx4WN4aI4DdUht 71XP5RXfE/D+8JUvduDGk/SWvbvTDjwnUO+CDfUDDyOY72N/kknvO7NyVJd4f6vj MDEbx5hwTMxY7nuUuO2gs4PrIrSmR2cBpAT1plBfTUbPbi28uSnoY4S3ndPf+NHG 49TPnyLlkX/ZFGkV1xJ/OeTT4pUZsWDvckUtiJi9BTIZprYoU7ruluHEJfvKfCB7 6zsu0GZtcc37bs8bJoMrYYcsKAWY33ecyk5yYGiqy/k9dBv/81MGQ8gbleljPNS3 yHRal29/eSLFV1crznm4az7A5atM7VoJsnk7g7u1pjomEYdrRVQBq6lxVjmrneeC /RUQH9DJQ66P4Ci+VtLzC/et1uwL/k57+1rgsAtmlC+u9o6TFrM6BfOeumWb0zQC slUZPxPkuMwQ8XBcbILY78UtI04gtgs3ESuRFBUDSbgnVIS3PSzeaekB44etDVnR Cb+5PQK3Ikjczs9Y7krsUR5iMjXVzF7ZP3GVkuU66n6OAX4TROV6AvdXE/qPKTAc PaZYlf17OHGCCjx7CgI+IXihX8uGYB2XJbdhsUQqOlb/gk1tSaA= =eLAL -----END PGP SIGNATURE-----