-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with cURL version 7.64.0 on February 6, 2019. This release addresses vulnerabilities related to CVE-2018-16890, CVE-2019-3822, and CVE-2019-3823. We strongly encourage all cURL users to update to version 7.64.0.
 
AFFECTED VERSIONS
All versions of cURL through cURL 7.63.0

 
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
 

CVE-2018-16890 - MEDIUM
cURL 7.64.0
Fixed bug related to CVE-2018-16890

CVE-2019-3822 - MEDIUM
cURL 7.64.0
Fixed bug related to CVE-2019-3822

CVE-2019-3823 - MEDIUM
cURL 7.64.0
Fixed bug related to CVE-2019-3823


SOLUTION
cPanel, L.L.C. has released updated RPMs for EasyApache 4 on February 6, 2019, with cURL version 7.64.0. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM's Run System Update interface.


REFERENCES
https://nvd.nist.gov/vuln/detail/CVE-2018-16890
https://nvd.nist.gov/vuln/detail/CVE-2019-3822
https://nvd.nist.gov/vuln/detail/CVE-2019-3823
https://curl.haxx.se/changes.html
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAlxkPSIACgkQlSG+3KvZ
Td9cBBAAxNNKf7jCsJFisr161B5R5UOItIZt/a3tatKMxj03KCAyarIcBunyOeFi
aXBW8r01iIBJcVNqdkfM4TehNSqb0WPN2UExlr+/qzHKCaHv0oEbKEDmLvlaYtLI
EwO5QxcGcDIHzEGL+4KIS5R9RjEPbFMVdtR2lzODxJmf+ac2sDrUIc2/H5hiM51E
iCVBKhjBXdGFnkrhGloTC9ic7uufdBZ4plOt2R7RjQtpwPV8NjP6ZszFUSvjszGM
gLFLEurO+y5hvTKyqbw17xZpezaTVPCm1e4YchUrE3782X75m86yDwYWNif/8mOg
uFXuHCKBriiKpynetcS49blKExhbvPbPkyzRXqw/27KbvuLc47Ze5Jf8y3U8zIO/
nY43QKyrFCNaLDushp/MVEQmTWwuCAqhYn2ERCtBexi6qDiV3ccqH5l+aw0OLX54
q+A/9snl1QLmHDx1b0ZCEDfh6ccK8Q+IZd99QxdZ2D7/3Z4Qz9EIzOjFpxQM4p3N
my3v6SN8nuwKtCs1YNlS36APJL7NwGJtbWTM/gDf6AtY8BCMS3schiJDZLsZvxPb
EsDjyivujIWo7683mbqLpN/E+g3HlY4Gbu29keTNq7ZKvUFw4q4/dLjngWtZxWQL
p14P7s8LwUiR1OOzTG6/htx2xaRiRKmEcYJg2uQXYe2ld7Wfe3A=
=hsNS
-----END PGP SIGNATURE-----