-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

SUMMARY
cPanel, L.L.C. has updated packages for EasyApache 4 with Apache 2.4.49 and libcurl 7.79.0. This release addresses vulnerabilities related to CVE-2021-22945, CVE-2021-22946, CVE-2021-22947, CVE-2021-40438, CVE-2021-39275, CVE-2021-36160, CVE-2021-34798, and CVE-2021-33193.  We strongly encourage all Apache users to upgrade to version 2.4.49 and all libcurl users to upgrade to version 7.79.0.
 
 
AFFECTED VERSIONS
All versions of Apache through 2.4.48.
All versions of libcurl through 7.78.0.
 
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
 
CVE-2021-40438 - MEDIUM
Apache 2.4.49
Fixed vulnerability related to  CVE-2021-40438.

CVE-2021-39275 - MEDIUM
Apache 2.4.49
Fixed vulnerability related to CVE-2021-39275.

CVE-2021-36160 - MEDIUM
Apache 2.4.49
Fixed vulnerability related to CVE-2021-36160.

CVE-2021-34798 - MEDIUM
Apache 2.4.49
Fixed vulnerability related to CVE-2021-34798.

CVE-2021-33193 - HIGH
Apache 2.4.49
Fixed vulnerability related to CVE-2021-33193.

CVE-2021-22945 - MEDIUM
libcurl 7.79.0
Fixed vulnerability related to CVE-2021-22945.

CVE-2021-22946 - MEDIUM
libcurl 7.79.0
Fixed vulnerability related to CVE-2021-22946.

CVE-2021-22947 - MEDIUM
libcurl 7.79.0
Fixed vulnerability related to CVE-2021-22947.



SOLUTION
cPanel, L.L.C. has released updated packages for EasyApache 4 on September 22, 2021, with Apache version 2.4.49 and libcurl 7.79.0. Unless you have enabled automatic package updates in your cron, update your system with either your package manager or WHM's Run System Update interface.

 
REFERENCES
https://curl.se/changes.html
https://downloads.apache.org/httpd/CHANGES_2.4.49
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22945
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22946
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22947
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33193
















-----BEGIN PGP SIGNATURE-----

iQJIBAEBCgAyFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAmFLZacUHHNlY3VyaXR5
QGNwYW5lbC5uZXQACgkQlSG+3KvZTd+ctRAAtCdl1fdltT3MPsYCByfpYAiiNkuT
35AyHNnIjwH5E7jeYtRdoY8yj9KH0JXUPI5phS9dCmiNVi9/f8i4ZodXuZkE1F4u
gFIDFV04n83fgqc6/29YYKfMKIPTCfrZzPlkQHVm/qM8dFbbnJQiQZSTK1rfDU2Z
hb5QWwBvRmxUuO3ZbgbSeojEhjypBRycacS5QDURMp21G+b5qEpAGuvNgtr+p8i0
SNJLz61AJwwFNMfCk25qM8IuX+Ed97vHDcoXi0RHVuiSdsb72Io4sx9iHbV2hFLA
TQJiq96tOa14BznRysnI0D03y7tyKHGkuxr9itOi6NaTZETM74DbOtCRFC3ww5A2
8BAAEobib1BrwPyEmqekxwOLut3EfR04Mjec33RhbV59I0vikyTxL523PDoPpClv
m8QZa6xg15e5a2oF6w3SXrESkl/05HM1PSeJNtKeX7ScjwmEWzMuNbHyBh0BBmiQ
I7cbpyoRUkn+jeEL6629Pb7iZIFyFnQiANPUNGHyGvByJGpOCZCw6+hAPAi7d4yh
w6IwfNzcQ26UcuB1UiK3tqmJBMp3PhxdY8hiWsR0At+rfMU8Ua+2ayW53nTb2k0K
LE3MdgWkWEDq98az28CJZz7LlqHjfgt3EdEFh7+jF+RCHxnTO1/YP+DlIdWO7urF
fRsTCZ4L9hrB3jU=
=Febx
-----END PGP SIGNATURE-----