-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 SUMMARY cPanel, L.L.C. has updated RPMs for EasyApache 4 with Apache version 2.4.48 and libcurl version 7.77.0. This release addresses vulnerabilities related to CVE-2021-22897, CVE-2021-22898, CVE-2021-22901, CVE-2021-30641, CVE-2020-35452, CVE-2020-26691, CVE-2020-26690, CVE-2020-13950, CVE-2020-13938, CVE-2019-17567, and CVE-2021-31618. We strongly encourage all Apache users to update to version 2.4.48 and all libcurl users to update to version 7.77.0. AFFECTED VERSIONS All versions Apache through 2.4.46. All versions libcurl through 7.76.1. SECURITY RATING The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs: CVE-2021-22897 libcurl 7.77.0 Fixed bug related to CVE-2021-22897. CVE-2021-22898 libcurl 7.77.0 Fixed bug related to CVE-2021-22898. CVE-2021-22901 libcurl 7.77.0 Fixed bug related to CVE-2021-22901. CVE-2021-30641 Apache 2.4.48 Fixed bug related to CVE-2021-30641. CVE-2020-35452 Apache 2.4.48 Fixed bug in mod_auth_digest related to CVE-2020-35452. CVE-2020-26691 Apache 2.4.48 Fixed bug in mod_session related to CVE-2020-26691. CVE-2020-26690 Apache 2.4.48 Fixed bug in mod_session related to CVE-2020-26690. CVE-2020-13950 Apache 2.4.48 Fixed bug in mod_proxy_http related to CVE-2020-13950. CVE-2020-13938 Apache 2.4.48 Fixed bug related to CVE-2020-13938. CVE-2019-17567 Apache 2.4.48 Fixed bug in mod_proxy_wstunnel related to CVE-2019-17567. CVE-2021-31618 Apache 2.4.48 Fixed bug in mod_http2 related to CVE-2021-30618. SOLUTION cPanel, L.L.C. has released updated RPMs for EasyApache 4 on June 2, 2021, with updated versions of Apache 2.4.48 and libcurl 7.77.0. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM's Run System Update interface. REFERENCES https://curl.se/docs/security.html https://downloads.apache.org/httpd/CHANGES_2.4.48 https://nvd.nist.gov/vuln/detail/CVE-2021-22897 https://nvd.nist.gov/vuln/detail/CVE-2021-22898 https://nvd.nist.gov/vuln/detail/CVE-2021-22901 https://nvd.nist.gov/vuln/detail/CVE-2021-30641 https://nvd.nist.gov/vuln/detail/CVE-2020-35452 https://nvd.nist.gov/vuln/detail/CVE-2020-26691 https://nvd.nist.gov/vuln/detail/CVE-2020-26690 https://nvd.nist.gov/vuln/detail/CVE-2020-13950 https://nvd.nist.gov/vuln/detail/CVE-2020-13938 https://nvd.nist.gov/vuln/detail/CVE-2019-17567 https://nvd.nist.gov/vuln/detail/CVE-2021-31618 -----BEGIN PGP SIGNATURE----- iQJIBAEBCgAyFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAmC3v7sUHHNlY3VyaXR5 QGNwYW5lbC5uZXQACgkQlSG+3KvZTd+/kxAAki8mA+nM4XibS8Tsy1n6tl0jHEUA aVDc5AERFDYx8+gq3l+0p55dtKdIwBfGUqcz0QIFaG3VDXiR0VdpPsHodIL3YhqE Cl1q4fl6C4C7maHX0iawpgfshPUP6uLpKlPt/i6Rz0OnFEDegbCYEeeRzbF4yfqO x5J+q+Z/PLiiRhlqDJAcTkO7R+bHQ0TlQu51JayV21jjCBroZUntptr2O2KTB0U0 gx7SYirKyth3Eq8SCObQFY4orG+Sk4cvsEI/RKYA1IJvzeiP2t9M3vcs+yvZ1g5v HuEwRiukAEFMLQ/5EMbdQTX80n5Cg5V89AnYutW3Ey0pF87fDxnuUZWpK0KXfoSm FjgZqp6EWBf42azKTpDhUIfSREFJw58dpKeTXSR6C3I2wPjVvNXQl5XrPid9Lb6T EedJs5sAwgUMl5GZ5u0ChVE0ZRtfg+oUDSO6zy3I1c9qLiCCxMzH6r6JUso2Sznz aS+z/7JYh6812TP2bPidEYB1B2iV+/0D0ZCuhjtx++hzoWrn7D93dDEw1JfHGCf3 5JvDaFmhmRHZEZxFmpP2D4MoRsrw3sh21Vya2xqJf2RSrqRg2ZVS6dWwzZfLZXWD /6NM7A9ev/ImaUIO5A6gM4Xh5tZeegjWzl9B3zje0iIxWwr5Bx6UPa2luZA1ujB1 nK5Zx01YUbr1uKg= =jDgl -----END PGP SIGNATURE-----