-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with OpenSSL version 1.1.1j. This release addresses vulnerabilities related to CVE-2021-23841 and CVE-2021-23840. We strongly encourage all OpenSSL users to update to version 1.1.1j.
 
 
AFFECTED VERSIONS
All versions of OpenSSL through 1.1.1i.

 
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
 

CVE-2021-23841 - MEDIUM

OpenSSL 1.1.1j
Fixed bug related to CVE-2021-23841.

CVE-2021-23840 - MEDIUM

OpenSSL 1.1.1j
Fixed bug related to CVE-2021-23840.





SOLUTION
cPanel, L.L.C. has released updated RPMs for EasyApache 4 on February 24, 2021, with an updated version of OpenSSL 1.1.1j. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM's Run System Update interface.

 
REFERENCES
https://nvd.nist.gov/vuln/detail/CVE-2021-23841
https://nvd.nist.gov/vuln/detail/CVE-2021-23840
https://www.openssl.org/news/changelog.html#openssl-111













-----BEGIN PGP SIGNATURE-----

iQJIBAEBCgAyFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAmA2lBwUHHNlY3VyaXR5
QGNwYW5lbC5uZXQACgkQlSG+3KvZTd8FhQ//bvizcdqJt0OplP+OvyDnTvlKl5+O
lL28rLi/xR69IcJOVFQtOaV5cMjs8MpMTxduzYb69iPNBlcGdMOIGcAN4lpqdPtC
gH9fiKSRGq4jxIjUoVTZ0eJtaq93rT2TK9Gc1zxO32eca4cwrtvgwbGy4bjGkadm
RSBYInrxsj0WJg9iGoEyFG72qTLTIiP1V5ieGqTLFA06VRs5XUZNZvBVDqcTrcaG
tpxoD+A8XiHnLHQiKxISa6ErocDcrsqUjkUiphVjVJCq5wYl3yPASHYAKdmKu321
Gu0ArHcnMbtVj4eZWQSDQ6k6XlG315HFQCmscy9sWH67zX88nGruMuIG6HhRYdyk
ihCZyF0D+qAai30uu/yNnlUfHR1YC9tTJJtX63lhgpToF27b4W6Gebiunr995Ips
KsoLjNWjTSBIOsfpRHX1T9YFZPcSMrZWqb35c5Ce3HcrzT7mkIt5xZd2nJfXVffP
D79ldOAsmAlOwUnKk0oYoGeh8fLLrYlyIcQgJWCjIg3KIu9fMvgXWyEyR5VSzJIV
73zxg3Np2bMM9fJm2FiNjZCm1PmfGJh05GI34fhgtA3qy8WZ1si6oqpKfo77vVhZ
SgBzwfeWJGSO8rw+wvoqh0dvvezC5ENAz0IQPCTb9ebdqSQt+ofzGxcG0JaX7X4r
JDBw8l1dXgXJbYY=
=P80R
-----END PGP SIGNATURE-----