-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with Apache version 2.4.39. This release addresses vulnerabilities related to CVE-2019-0197, CVE-2019-0196, CVE-2019-0211, CVE-2019-0217, CVE-2019-0215, and CVE-2019-0220. We strongly encourage all Apache users to upgrade to version 2.4.39.
 
 
AFFECTED VERSIONS
All versions of Apache through 2.4.38

 
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
 

CVE-2019-0197 - MEDIUM
Apache 2.4.39
Fixed bug in the http2 module related to CVE-2019-0197


CVE-2019-0196 - MEDIUM
Apache 2.4.39
Fixed bug in the http2 module related to CVE-2019-0196


CVE-2019-0211 - CRITICAL
Apache 2.4.39
Fixed bug in Unix MPMs related to CVE-2019-0211


CVE-2019-0217 - HIGH
Apache 2.4.39
Fixed bug in mod_auth_digest related to CVE-2019-0217


CVE-2019-0215 - HIGH
Apache 2.4.39
Fixed bug in the SSL module related to CVE-2019-0215


CVE-2019-0220 - MEDIUM
Apache 2.4.39
Fixed bug related to CVE-2019-0220



SOLUTION
cPanel, L.L.C. has released updated RPMs for EasyApache 4 on April 3, 2019, with an updated version of Apache version 2.4.39. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM's Run System Update interface.

 
REFERENCES
https://nvd.nist.gov/vuln/detail/CVE-2019-0197
https://nvd.nist.gov/vuln/detail/CVE-2019-0196
https://nvd.nist.gov/vuln/detail/CVE-2019-0211
https://nvd.nist.gov/vuln/detail/CVE-2019-0217
https://nvd.nist.gov/vuln/detail/CVE-2019-0215
https://nvd.nist.gov/vuln/detail/CVE-2019-0220
http://www.apache.org/dist/httpd/CHANGES_2.4









-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAlyk1UEACgkQlSG+3KvZ
Td9H8w/7BKv5gqp+cb9uo6YQ4yZMuthAMAquwyuTBZKUCyawsCz8Bv6Nx6FMiDnh
p3RSQa+Yh14G2nuFJf7cjAVg1g3092o6tIRsP31rxcWEMi4T8/9eAgeOUYmZ1BBW
7C9kYpcSUQYmBh5XBWLGt4y6ryp/iNlvkZ1p7+Ga4cdNoLvmFG2HrDYPWi7chHKy
WxArqYdrZbhPzUBigPotyRPNzFxoRcxOPBB9JlqpkNNwqAL94K9Tv0w0VDPnQjTD
PsDt5VdZbYnShgFpNf7h8Oy2Yla/quzhWx+Wv/MQ49MczIG6DSSnFxl3fSFVWzFF
WnZSIrIcL3R8V8WGmZszcXc/pXvUFG15RLUgmah5qNmDNfK389ATZ8vtc1NmdH86
FOAMcIEHv1CDnSCQTjLRgGbE+pU0hr1rP0ig0b7MIRqkGywgi7QIV7KCWODMsycQ
zb+PMyG3TtX05lC6hF4yg5DIgEcB/YiO60yFD8Miuc2XF6LigtxKAg8qiEI+fJZ9
LChYFiSIzlQMvXNumSGX8knYqAz8ON/UAVq3MsjecM+e8eMjE8twBVXN+nZ3/nPR
iEdWAL3xk8dRAcLexT+GP+jv5cet3ib0YQ4HxVQQUharJXDayxr5gi8Up/1dblYS
MBnNpstcOUc0ZSo9TbsCXRAQoG5B3GtpM9wbh+N2eJcHlowLN2Y=
=1Wd5
-----END PGP SIGNATURE-----