-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with libcurl 7.78.0. This release addresses vulnerabilities related to CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-22925, and CVE-2021-22926.  We strongly encourage all libcurl users to upgrade to version 7.78.0.
 
 
AFFECTED VERSIONS
All versions of libcurl through 7.77.0.
 
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
 
CVE-2021-22922 - MEDIUM
libcurl 7.78.0
Fixed vulnerability related to CVE-2021-22922.

CVE-2021-22923 - MEDIUM
libcurl 7.78.0
Fixed vulnerability related to CVE-2021-22923.

CVE-2021-22924 - MEDIUM
libcurl 7.78.0
Fixed vulnerability related to CVE-2021-22924.

CVE-2021-22925 - MEDIUM
libcurl 7.78.0
Fixed vulnerability related to CVE-2021-22925.

CVE-2021-22926 - MEDIUM
libcurl 7.78.0
Fixed vulnerability related to CVE-2021-22926.


SOLUTION
cPanel, L.L.C. has released updated RPMs for EasyApache 4 on July 28, 2021, with libcurl version 7.78.0. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM's Run System Update interface.

 
REFERENCES
https://curl.se/changes.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22922
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22923
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22924
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22925
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22926

















-----BEGIN PGP SIGNATURE-----

iQJIBAEBCgAyFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAmEBeh4UHHNlY3VyaXR5
QGNwYW5lbC5uZXQACgkQlSG+3KvZTd925xAAxH4yQanYI/RosdxT/4bSkF0VaHlD
6nIvvzIeY+c6z48y2PN9dFwQ6Ts2hAmSU2tquYHLCNPjupvhlnixYLDLFCgEdN+b
8GaCLUt9QUCUww3vXLvMsgG/c4gYJ+y6Sx5ucXDcus5Wtwqx4e2jVXr6x6vaP6Ro
D6+wzB1VFjFHmtq3WANPZ5H4tOKjKCsZFay9HeleRF6X/zXa//qbnyrFD/5Z8ANt
TLIcoFPsBDk5DVe4r+zsb9b1+WmMJrm8tmXyGE0y25ruXOyw3mMXGGerf2x0AgIV
0ZSq3cKnjRb4v2Sp10uXHzapbyNw07OHjugxXu2awYvRAjyhIQvDwAoCcxipmJk3
r3jiPHWUlBFAnW82RoPUfvnwrO9zWURPp0MT3NllSlKXsj5etze69YGuyRPuEjOU
x0prH7vntx39O9proG28eBgcd72XOZv+VeUVSEckJf4gBJGsM2oBEU4N11HFXqRD
FaRxkE+5kCXuv6vKEbr7YyHbX6KJQVrSo97FMxVhRSOjvfqZJMZYWgZUzWkSHtSl
dGH2WTrnFWRSvB8+pgTso7Y/8Q+zKHb3sv063TE0fnLN1TVfk/BZePDLob0IVWcI
ZghfINYHDFg1TCa6x6nMBds1abFzNaDstmgKgp5hmVVwDKfDwjyYNQLBWNcO7ynf
c6vr4fKypJU0Zmw=
=NjC8
-----END PGP SIGNATURE-----