-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 SUMMARY cPanel, L.L.C. has updated RPMs for EasyApache 4 with Apache version 2.4.41, NGHTTP2 version 1.39.2, and Tomcat version 8.5.43. This release addresses vulnerabilities related to CVE-2019-10081, CVE-2019-9517, CVE-2019-10098, CVE-2019-10092, CVE-2019-10097, CVE-2019-10082, CVE-2019-9511, CVE-2019-9513, and CVE-2019-10072. We strongly encourage all Apache users to upgrade to version 2.4.41, all Tomcat users to upgrade to version 8.5.43, and all NGHTTP2 users to upgrade to version 1.39.2. AFFECTED VERSIONS All versions of Apache through 2.4.39 All versions of NGHTTP2 through 1.39.1 All versions of Tomcat through 8.5.42 SECURITY RATING The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs: CVE-2019-10081 - MEDIUM Apache 2.4.41 Fixed bug related to CVE-2019-10081 CVE-2019-9517 - MEDIUM Apache 2.4.41 Fixed bug related to CVE-2019-9517 CVE-2019-10098 - MEDIUM Apache 2.4.41 Fixed bug related to CVE-2019-10098 CVE-2019-10092 - MEDIUM Apache 2.4.41 Fixed bug related to CVE-2019-10092 CVE-2019-10097 - MEDIUM Apache 2.4.41 Fixed bug related to CVE-2019-10097 CVE-2019-10082 - MEDIUM Apache 2.4.41 Fixed bug related to CVE-2019-10082 CVE-2019-9511 - MEDIUM NGHTTP2 1.39.2 Fixed bug related to CVE-2019-9511 CVE-2019-9513 - MEDIUM NGHTTP2 1.39.2 Fixed bug related to CVE-2019-9513 CVE-2019-10072 - MEDIUM Tomcat 8.5.42 Fixed bug releated to CVE-2019-10072 SOLUTION cPanel, L.L.C. has released updated RPMs for EasyApache 4 on August 21, 2019, with updated versions of Apache version 2.4.41, NGHTTP2 version 1.39.2, and Tomcat version 8.5.43. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM's Run System Update interface. REFERENCES https://nvd.nist.gov/vuln/detail/CVE-2019-10081 https://nvd.nist.gov/vuln/detail/CVE-2019-9517 https://nvd.nist.gov/vuln/detail/CVE-2019-10098 https://nvd.nist.gov/vuln/detail/CVE-2019-10092 https://nvd.nist.gov/vuln/detail/CVE-2019-10097 https://nvd.nist.gov/vuln/detail/CVE-2019-10082 https://nvd.nist.gov/vuln/detail/CVE-2019-9511 https://nvd.nist.gov/vuln/detail/CVE-2019-9513 https://nvd.nist.gov/vuln/detail/CVE-2019-10072 http://www.apache.org/dist/httpd/CHANGES_2.4 https://github.com/nghttp2/nghttp2/releases http://tomcat.apache.org/tomcat-8.5-doc/changelog.html -----BEGIN PGP SIGNATURE----- iQJIBAEBCgAyFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAl1daPYUHHNlY3VyaXR5 QGNwYW5lbC5uZXQACgkQlSG+3KvZTd9z+A/+NcA+owAT8zAL+PaYkRhOR9BCqGV4 tdRYGFqgiw+T/vKYeydtzi5YuGcdznVor/5j3cSldDrSsL2fpSrz229C+Pa0FvJ7 Qif2+5iJrjsoepLfXYs2Q6WY4GOl9sRazhKAAc7udT1bXQfs8MailZcM12ya35rH icVWbKkP0athBFXOIy8mGsAcuS5Qw7mZ0TujCk+UEm1k3seUvrZMvIo3kj+1Qn6A Z5vsKQenJ171gS95uZxIniMlrjRxstAcw5GO7iCeWHSNiPScI+01Jkdg4LT1v00w WNC2zyEQpIKlOVgYRQZoY+F0q2sif4DqHZa1oTDO6lE89SgQ5eKWMlZsJU5szr1V 5xNEFSpXte/D3/s+vhUtM9bBCQC/eMvlTJbKMMeV7oWV+rv/S1JP5lUAt2C/11OG OYHPPakijq9BT3Pr4WEvm5NB/FJLf72S9oaLiubfnoTnQQ5P+u+PaORKIpUn6hVo ZzZSelTitwhF89dOjKn22hQxqym9cUyXtjsmUG3MLdx8v/Sm/R0aLS7M6KVgCF3n pg2lcdZit31WGO7RiTWICVnmG1fbfGTMHmj+JZBeSrTUr2FSoNm+4xR14Z6ehJva H3bU/UqsNe3xyuNkN+TdXIrcq9lWh4Ae95Z7Sfl0RNTWkMWmKfFGkUWkl+qLMI9m XQ5LvxCiNwoxG3U= =P1hs -----END PGP SIGNATURE-----