-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 SUMMARY cPanel, L.L.C. has updated RPMs for EasyApache 4 with Apache version 2.4.39. This release addresses vulnerabilities related to CVE-2019-0197, CVE-2019-0196, CVE-2019-0211, CVE-2019-0217, CVE-2019-0215, and CVE-2019-0220. We strongly encourage all Apache users to upgrade to version 2.4.39. AFFECTED VERSIONS All versions of Apache through 2.4.38 SECURITY RATING The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs: CVE-2019-0197 - MEDIUM Apache 2.4.39 Fixed bug in the http2 module related to CVE-2019-0197 CVE-2019-0196 - MEDIUM Apache 2.4.39 Fixed bug in the http2 module related to CVE-2019-0196 CVE-2019-0211 - CRITICAL Apache 2.4.39 Fixed bug in Unix MPMs related to CVE-2019-0211 CVE-2019-0217 - HIGH Apache 2.4.39 Fixed bug in mod_auth_digest related to CVE-2019-0217 CVE-2019-0215 - HIGH Apache 2.4.39 Fixed bug in the SSL module related to CVE-2019-0215 CVE-2019-0220 - MEDIUM Apache 2.4.39 Fixed bug related to CVE-2019-0220 SOLUTION cPanel, L.L.C. has released updated RPMs for EasyApache 4 on April 3, 2019, with an updated version of Apache version 2.4.39. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM's Run System Update interface. REFERENCES https://nvd.nist.gov/vuln/detail/CVE-2019-0197 https://nvd.nist.gov/vuln/detail/CVE-2019-0196 https://nvd.nist.gov/vuln/detail/CVE-2019-0211 https://nvd.nist.gov/vuln/detail/CVE-2019-0217 https://nvd.nist.gov/vuln/detail/CVE-2019-0215 https://nvd.nist.gov/vuln/detail/CVE-2019-0220 http://www.apache.org/dist/httpd/CHANGES_2.4 -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAlyk1UEACgkQlSG+3KvZ Td9H8w/7BKv5gqp+cb9uo6YQ4yZMuthAMAquwyuTBZKUCyawsCz8Bv6Nx6FMiDnh p3RSQa+Yh14G2nuFJf7cjAVg1g3092o6tIRsP31rxcWEMi4T8/9eAgeOUYmZ1BBW 7C9kYpcSUQYmBh5XBWLGt4y6ryp/iNlvkZ1p7+Ga4cdNoLvmFG2HrDYPWi7chHKy WxArqYdrZbhPzUBigPotyRPNzFxoRcxOPBB9JlqpkNNwqAL94K9Tv0w0VDPnQjTD PsDt5VdZbYnShgFpNf7h8Oy2Yla/quzhWx+Wv/MQ49MczIG6DSSnFxl3fSFVWzFF WnZSIrIcL3R8V8WGmZszcXc/pXvUFG15RLUgmah5qNmDNfK389ATZ8vtc1NmdH86 FOAMcIEHv1CDnSCQTjLRgGbE+pU0hr1rP0ig0b7MIRqkGywgi7QIV7KCWODMsycQ zb+PMyG3TtX05lC6hF4yg5DIgEcB/YiO60yFD8Miuc2XF6LigtxKAg8qiEI+fJZ9 LChYFiSIzlQMvXNumSGX8knYqAz8ON/UAVq3MsjecM+e8eMjE8twBVXN+nZ3/nPR iEdWAL3xk8dRAcLexT+GP+jv5cet3ib0YQ4HxVQQUharJXDayxr5gi8Up/1dblYS MBnNpstcOUc0ZSo9TbsCXRAQoG5B3GtpM9wbh+N2eJcHlowLN2Y= =1Wd5 -----END PGP SIGNATURE-----