-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 a new version of the Drupal ModSecurity OWASP rules. This release addresses vulnerabilities related to CVE-2021-35368.  We strongly encourage all Drupal ModSecurity OWASP rules users to update their rules.
 
 
AFFECTED VERSIONS
All versions of the Drupal ModSecurity OWASP rules prior to June 30, 2021.

 
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
 
CVE-2021-35368 - HIGH
ModSecurity OWASP
Fixed vulnerability related to CVE-2021-35368.


SOLUTION
cPanel, L.L.C. has released updated RPMs for EasyApache 4 on June 300, 2021, with an updated version of the Drupal ModSecurity OWASP ruleset. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM's Run System Update interface.

 
REFERENCES
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35368

















-----BEGIN PGP SIGNATURE-----

iQJIBAEBCgAyFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAmDc1UwUHHNlY3VyaXR5
QGNwYW5lbC5uZXQACgkQlSG+3KvZTd8kLA//Rp6EiJ6JrD+Khn5CSXIFka8V0vkG
FYaoC682Dn3QweoQWsmue5FIxPOn/+Vi5DXpCYH8US0S0eunisnk6BY+fjG9WgPm
hFKmH8EZskWTHxM2KsPJPP8VI9wQc/xkyLn7ps/ZOU6jcxaExa5DZ3Y2Fj+47H5a
X/HGjLjMU9eGdRH88TF9sopFwWfhbp0lU2wX9HjZapGqEdf2Lp43H25xITpmvI29
KraVBW5XhrWpQ0GxhV2jQ+2gbyzN68LIyNeaCIjBH5awfx7ZMpedpo2lqf3BUqNj
GJOsvzz/pjo8QfMLXoM5FnvpqY5gilCQM/UGDHNuWhA1FuwEhtUjNf7Xg0jZZxXj
/sLPnPMf5MUiwi631evcUeTchf0AwVjZm68Y3BR6BoaLNhMf1gqHXpgIuOXMqNJq
J/Zn+o8xqoT+/AFQXwYkAOXF+MiAHHhjANZ6rJ+i95fAD2ASWxXElE1xJ6pkw1Zi
iEH8AdqHm6RvxzOr/rduuhb2euhXiKHWyVn2YlfxAsD03LUb3n0kR5ooXodUIgeJ
5cm7oaqPoF8dXOuop0NSOXI9DrbBPmfmhFvJzd7v2+8rdnv4MdcptMz85BoClStU
fJ6C8LGIk1kjF/q7J7JEa8cJoUxyXd2PJczrLEuFThdlfpIv+bGRzCudKe1vKy/V
t8Bn6PCV/P70pS4=
=yx80
-----END PGP SIGNATURE-----