-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with libcurl version 7.71.0. This release addresses vulnerabilities related to CVE-2020-8169 and CVE-2020-8177. We strongly encourage all libcurl users to upgrade to version 7.71.0. 
 
 
AFFECTED VERSIONS
All versions of libcurl through 7.70.0.
 
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
 

CVE-2020-8169 - MEDIUM
libcurl
Fixed bug related to CVE-2020-8169.


CVE-2020-8177 - MEDIUM
libcurl
Fixed bug related to CVE-2020-8177.


SOLUTION
cPanel, L.L.C. has released updated RPMs for EasyApache 4 on July 1, 2020, with an updated version of libcurl version 7.71.0. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM's Run System Update interface.

 
REFERENCES
https://nvd.nist.gov/vuln/detail/CVE-2020-8169
https://nvd.nist.gov/vuln/detail/CVE-2020-8177
https://curl.haxx.se/changes.html












-----BEGIN PGP SIGNATURE-----

iQJIBAEBCgAyFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAl78uXcUHHNlY3VyaXR5
QGNwYW5lbC5uZXQACgkQlSG+3KvZTd9oRhAAzOz4tm3gmlr2cEPPQ9wdvYQRXa2t
XmGTlSWxp9AFzpYyu3X++6hAbBLNseNqeSoQQy7CwqIkiE3EuBSdp7nkjzFdDFpf
wKF9P9nZ2AojLgh3awcK4xVAr9426wXq0irkupBhq9HKh1IC6TE9Blm0opBzZ/UZ
pJQbg6ygegF0BcmO2w6/Qa7EUTG0IF5jf67hOQu/6Larhhj+2aM3fMxXkNNEpmCy
wK6WwCNPNQdGuzeHbal+3Qxhe7tIbG+NleuQIVt3uz6yNOx6CsKki3gIGzqv3ZjD
4FPXZ01BQ49Yl8jsZs1uCEkHu9FvOEBWQyL56W2QaVobRSwYzomHwi/lGcb275m1
q3QhllNiGBNdYHM/M/sEu2iSAGghKCzO1UC4SZIGisAhR6Tn1Vdsg5dIo9/noMdJ
bSaW2vUtGc4fLF45nE4upxJ7nrSQYmLdD6i4opdF1ncVS+ebGJkpVjS8BvqHa07t
LH/1aogsyI1yd+tFwxsUmVM2S6DSVlvTProGq7kQJ8iUCA0zJSuSTelRTTGM2/Xd
G0zFRtpeiNK2ej1muks7AOnZdurgmd4yXfEz11QXIdtYiPVSeHOaRLDQXsM/xifk
YsFcr1jog96Gw7m+JO5c90gwsfW8HIajNN7dRH3ULcAPbZb9QEBT/2HcTYB02Rxu
OxzL9M8NbJwSufQ=
=4mBd
-----END PGP SIGNATURE-----