-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 SUMMARY cPanel, L.L.C. has updated packages for EasyApache 4 with Apache 2.4.49 and libcurl 7.79.0. This release addresses vulnerabilities related to CVE-2021-22945, CVE-2021-22946, CVE-2021-22947, CVE-2021-40438, CVE-2021-39275, CVE-2021-36160, CVE-2021-34798, and CVE-2021-33193. We strongly encourage all Apache users to upgrade to version 2.4.49 and all libcurl users to upgrade to version 7.79.0. AFFECTED VERSIONS All versions of Apache through 2.4.48. All versions of libcurl through 7.78.0. SECURITY RATING The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs: CVE-2021-40438 - MEDIUM Apache 2.4.49 Fixed vulnerability related to CVE-2021-40438. CVE-2021-39275 - MEDIUM Apache 2.4.49 Fixed vulnerability related to CVE-2021-39275. CVE-2021-36160 - MEDIUM Apache 2.4.49 Fixed vulnerability related to CVE-2021-36160. CVE-2021-34798 - MEDIUM Apache 2.4.49 Fixed vulnerability related to CVE-2021-34798. CVE-2021-33193 - HIGH Apache 2.4.49 Fixed vulnerability related to CVE-2021-33193. CVE-2021-22945 - MEDIUM libcurl 7.79.0 Fixed vulnerability related to CVE-2021-22945. CVE-2021-22946 - MEDIUM libcurl 7.79.0 Fixed vulnerability related to CVE-2021-22946. CVE-2021-22947 - MEDIUM libcurl 7.79.0 Fixed vulnerability related to CVE-2021-22947. SOLUTION cPanel, L.L.C. has released updated packages for EasyApache 4 on September 22, 2021, with Apache version 2.4.49 and libcurl 7.79.0. Unless you have enabled automatic package updates in your cron, update your system with either your package manager or WHM's Run System Update interface. REFERENCES https://curl.se/changes.html https://downloads.apache.org/httpd/CHANGES_2.4.49 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22945 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22946 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22947 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33193 -----BEGIN PGP SIGNATURE----- iQJIBAEBCgAyFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAmFLZacUHHNlY3VyaXR5 QGNwYW5lbC5uZXQACgkQlSG+3KvZTd+ctRAAtCdl1fdltT3MPsYCByfpYAiiNkuT 35AyHNnIjwH5E7jeYtRdoY8yj9KH0JXUPI5phS9dCmiNVi9/f8i4ZodXuZkE1F4u gFIDFV04n83fgqc6/29YYKfMKIPTCfrZzPlkQHVm/qM8dFbbnJQiQZSTK1rfDU2Z hb5QWwBvRmxUuO3ZbgbSeojEhjypBRycacS5QDURMp21G+b5qEpAGuvNgtr+p8i0 SNJLz61AJwwFNMfCk25qM8IuX+Ed97vHDcoXi0RHVuiSdsb72Io4sx9iHbV2hFLA TQJiq96tOa14BznRysnI0D03y7tyKHGkuxr9itOi6NaTZETM74DbOtCRFC3ww5A2 8BAAEobib1BrwPyEmqekxwOLut3EfR04Mjec33RhbV59I0vikyTxL523PDoPpClv m8QZa6xg15e5a2oF6w3SXrESkl/05HM1PSeJNtKeX7ScjwmEWzMuNbHyBh0BBmiQ I7cbpyoRUkn+jeEL6629Pb7iZIFyFnQiANPUNGHyGvByJGpOCZCw6+hAPAi7d4yh w6IwfNzcQ26UcuB1UiK3tqmJBMp3PhxdY8hiWsR0At+rfMU8Ua+2ayW53nTb2k0K LE3MdgWkWEDq98az28CJZz7LlqHjfgt3EdEFh7+jF+RCHxnTO1/YP+DlIdWO7urF fRsTCZ4L9hrB3jU= =Febx -----END PGP SIGNATURE-----