The cPanel team has officially announced the release of an EasyApache 4 update. This release features a version update for ea-apache24 to 2.4.39, resolution to an issue with the installation of ea-liblsapi, and a solution for the premature stoppage of /scripts/ea-tomcat85.
cPanel has updated RPMs for EasyApache 4 with Apache version 2.4.39. This release addresses vulnerabilities related to CVE-2019-0197, CVE-2019-0196, CVE-2019-0211, CVE-2019-0217, CVE-2019-0215, and CVE-2019-0220. All users running on versions of Apache through 2.4.38 are strongly encouraged to upgrade to version 2.4.39.
All Nuagerie servers are automatically updated. However, for those that do not have automatic RPM cron updates enabled, please update your system with either yum update or through WHM’s Run System Update interface.
ea-apache2
ea-apache2-config
ea-liblsapi
ea-liblsapi because of conflicts with liblsapiea-tomcat85
/scripts/ea-tomcat85 prematurely dies if fs.protected_symlinks_create is enabledThis release includes security patches that have been issued for the following CVE (Common Vulnerabilities and Exposures), the details of which are included below.
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
For more information about all the changes to EasyApache 4, please make sure to visit the 2019 EasyApache 4 Changelog and the EasyApache 4 Release Notes. For a complete list of references for the vulnerabilities fixed, please go to the original cPanel announcement or make sure to contact us at any time.
