-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with  OpenSSL version 1.1.1k. This release addresses vulnerabilities related to CVE-2021-3450 and 
CVE-2021-3449. We strongly encourage all OpenSSL users to update to version 1.1.1k.
 
 
AFFECTED VERSIONS
All versions of OpenSSL through 1.1.1j.

 
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
 

CVE-2021-3450 - MEDIUM

OpenSSL 1.1.1k
Fixed bug related to CVE-2021-3450.

CVE-2021-3449 - MEDIUM
OpenSSL 1.1.1k
Fixed bug related to CVE-2021-3449.


SOLUTION
cPanel, L.L.C. has released updated RPMs for EasyApache 4 on March 31, 2021, with an updated version of OpenSSL 1.1.1k. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM's Run System Update interface.

 
REFERENCES
https://nvd.nist.gov/vuln/detail/CVE-2021-3449
https://nvd.nist.gov/vuln/detail/CVE-2021-3450
https://www.openssl.org/news/vulnerabilities.html













-----BEGIN PGP SIGNATURE-----

iQJIBAEBCgAyFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAmBkvhUUHHNlY3VyaXR5
QGNwYW5lbC5uZXQACgkQlSG+3KvZTd9yKw/+I21ZIZEgA/MnfQGmz8shvYqAVt4t
V+BHGDAJf28fRtAAIt1HD0TJhbpmaWOKT+B+acxgHIlwWBDzwaUQlzQ0P90R3O+X
ki04ham23n23kLhDPuVF2Vm0guN4ON29smj5txaCOpM9FWcc6Oyr9k5JasXLCpg1
PeXpLNlqJWTJziSlqbLUnmnWgtIXIzOQl2TKb20gQ204mrL0Lpve8TPqNnGzINvS
RdGmIJlxMxgA62I1dZSkQOraAVZswj7yUD+oRherbEmRPPHwar47sJqw41LRZTbm
OT3xowO1QdIAPAd2OzgubHyVr8R1sRLgGgbyP/AAQuUzcW0uTKcSUjZLeYPJu/Ku
ERzMPi+gvXidjW5oKLXPryksKvojskGGHbtFd5+UlMV5jgvdoiQgQzQAo0U0r1cO
opKlCYuZv0Y7kUUex3TMyDYjVShKJ6T+VhwPIb9GjbH5279SCsrZhZEzVAK82Ia/
z23oST1SoBavqSyRrkrAJlPrVVkpJ3VvdYtM+Ro1TQ07HQsl9XVCISNbP4BIOj05
9AzJ3sezFF6SGcNrknm0Aw492gjsPKErpYlRmGmxEJNfZhSzIo36phVH+5Egqoyf
WVqoCbNAKwsbtxqV9rATaECGmUMBoU2sya2Hdeig97u4bLGX0VJui4lUEP8WmAvo
DaMBoIvFTGg3GUQ=
=dKUi
-----END PGP SIGNATURE-----