-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 SUMMARY cPanel, L.L.C. has updated RPMs for EasyApache 4 with cURL version 7.64.0 on February 6, 2019. This release addresses vulnerabilities related to CVE-2018-16890, CVE-2019-3822, and CVE-2019-3823. We strongly encourage all cURL users to update to version 7.64.0. AFFECTED VERSIONS All versions of cURL through cURL 7.63.0 SECURITY RATING The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs: CVE-2018-16890 - MEDIUM cURL 7.64.0 Fixed bug related to CVE-2018-16890 CVE-2019-3822 - MEDIUM cURL 7.64.0 Fixed bug related to CVE-2019-3822 CVE-2019-3823 - MEDIUM cURL 7.64.0 Fixed bug related to CVE-2019-3823 SOLUTION cPanel, L.L.C. has released updated RPMs for EasyApache 4 on February 6, 2019, with cURL version 7.64.0. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM's Run System Update interface. REFERENCES https://nvd.nist.gov/vuln/detail/CVE-2018-16890 https://nvd.nist.gov/vuln/detail/CVE-2019-3822 https://nvd.nist.gov/vuln/detail/CVE-2019-3823 https://curl.haxx.se/changes.html -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAlxkPSIACgkQlSG+3KvZ Td9cBBAAxNNKf7jCsJFisr161B5R5UOItIZt/a3tatKMxj03KCAyarIcBunyOeFi aXBW8r01iIBJcVNqdkfM4TehNSqb0WPN2UExlr+/qzHKCaHv0oEbKEDmLvlaYtLI EwO5QxcGcDIHzEGL+4KIS5R9RjEPbFMVdtR2lzODxJmf+ac2sDrUIc2/H5hiM51E iCVBKhjBXdGFnkrhGloTC9ic7uufdBZ4plOt2R7RjQtpwPV8NjP6ZszFUSvjszGM gLFLEurO+y5hvTKyqbw17xZpezaTVPCm1e4YchUrE3782X75m86yDwYWNif/8mOg uFXuHCKBriiKpynetcS49blKExhbvPbPkyzRXqw/27KbvuLc47Ze5Jf8y3U8zIO/ nY43QKyrFCNaLDushp/MVEQmTWwuCAqhYn2ERCtBexi6qDiV3ccqH5l+aw0OLX54 q+A/9snl1QLmHDx1b0ZCEDfh6ccK8Q+IZd99QxdZ2D7/3Z4Qz9EIzOjFpxQM4p3N my3v6SN8nuwKtCs1YNlS36APJL7NwGJtbWTM/gDf6AtY8BCMS3schiJDZLsZvxPb EsDjyivujIWo7683mbqLpN/E+g3HlY4Gbu29keTNq7ZKvUFw4q4/dLjngWtZxWQL p14P7s8LwUiR1OOzTG6/htx2xaRiRKmEcYJg2uQXYe2ld7Wfe3A= =hsNS -----END PGP SIGNATURE-----