-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with Ruby version 2.4.10. This release addresses vulnerabilities related to CVE-2020-10663. We strongly encourage all Ruby users to upgrade to version 2.4.10.
 
 
AFFECTED VERSIONS
All versions of Ruby through 2.4.9.

 
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
 

CVE-2020-10663 - MEDIUM
Ruby 2.4.10
Unsafe object creation vulnerability in JSON.


SOLUTION
cPanel, L.L.C. has released updated RPMs for EasyApache 4 on April 15, 2020, with an updated version of Rubu 2.4.10. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM's Run System Update interface.

 
REFERENCES
https://nvd.nist.gov/vuln/detail/CVE-2020-10663
https://www.ruby-lang.org/en/news/2020/03/31/ruby-2-4-10-released/










-----BEGIN PGP SIGNATURE-----

iQJIBAEBCgAyFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAl6XMJIUHHNlY3VyaXR5
QGNwYW5lbC5uZXQACgkQlSG+3KvZTd+4Iw/9FCej6UcstQIzb7TYleBlqM71ivfu
TsyjEuO9Uk/Z5h5G92yNazfYME+mKjrLzl7gOpV3TMtI1xuFrZewP7E0aYYr9HL3
XAsZv05FsyFlVNtSAaakFADuZAuw/wfVJI/HfXD6ESGdPv8kmDA/ke1+K67Ef9+i
l8gdiXA7JzuUhEjF7G9SKpczx3861Brgnfq44zXSNCm6q+8AshauF9i5jtxzVAyr
OSIT0u63sxc+oqskAuRRDPJe30imgE2XhAc1qx9SfwdA9/tbt7gY48Ac0Syo+MEA
ZFJ89D9ljHCERtQ8VQ3S2ET/EszgyZdbkObdHKbBqnLva4Fk8Wqe3iwCkC5S+rhP
Qm8Th+HYEcVFrZMUa0+OddmVJE2bbt1+8+8+udmmL7dLRKshC1I07WYAbr5LFLzG
dxljqLAJN3sIWbGgmaZ4LXfmy0kjXtuEY0jW8MKwjJu7QYZFJY3HR8NVVPnRicEN
rgmhjvIVfrXRJD+H7o+qyhUZfEPZKTtcnX443m8KcqcBRgS0GgDPNhYgsxp9UTxR
zL4MYNKbq9ndwKWlCnKlh9ZM+q7s0Xu9mpvPUL7b9SxPhpGp5BZYYL6pvIsMr6CB
YENq8QiFfdg221B6lmw+Mw4ThnTl4L1CLdqvi4Pq4CBjqDLlgXt43Zb/c9nfScRZ
Y64VGeBlS8wW2AY=
=tTFY
-----END PGP SIGNATURE-----