cPanel has recently updated its RPMs for EasyApache 4 with cURL version 7.62.0, which addresses vulnerabilities that were introduced by the recent EasyApache 4 update. These vulnerabilities, which include CVE-2018-16839, CVE-2018-16840, and CVE-2018-16842, affect all versions of cURL through cURL 7.61.0. We strongly encourage all cURL users to update to version 7.62.0.
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
CVE-2018-16839 - MEDIUM
CVE-2018-16840 - MEDIUM
CVE-2018-16842 - MEDIUM
SOLUTION
All Nuagerie servers have been automatically updated with the new RPMs for EasyApache 4 to address this issue. On all other servers, unless you have enabled automatic RPM updates as a cron job, make sure to update your system with either yum update or WHM's Run System Update interface.
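To confirm the update took effect, the following added example (not cPanel's or Nuagerie's own tooling) reads a curl --version banner and reports whether the libcurl it names is at or above 7.62.0. The function names and sample banners are constructed for illustration, and the live check assumes the curl on PATH is the build you care about.

```shell
#!/bin/sh
# Added example: check a curl/libcurl version against the fixed release
# named in the advisory. Function names here are hypothetical.
FIXED_VERSION="7.62.0"

# Pull the libcurl version out of the first line of `curl --version`,
# e.g. "curl 7.61.0 (x86_64-redhat-linux-gnu) libcurl/7.61.0 NSS/3.36".
libcurl_version() {
    printf '%s\n' "$1" | sed -n '1s|.*libcurl/\([0-9][0-9.]*\).*|\1|p'
}

# Exit 0 if version $1 >= version $2, comparing major.minor.patch as numbers
# (a plain string compare would rank 7.9.8 above 7.62.0).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Print "patched <ver>", "vulnerable <ver>" or "unknown" for a banner.
check_banner() {
    v=$(libcurl_version "$1")
    if [ -z "$v" ]; then
        echo "unknown"
    elif version_ge "$v" "$FIXED_VERSION"; then
        echo "patched $v"
    else
        echo "vulnerable $v"
    fi
}

# Constructed sample banners, so the logic can be exercised offline.
check_banner "curl 7.61.0 (x86_64-redhat-linux-gnu) libcurl/7.61.0 NSS/3.36 zlib/1.2.7"
check_banner "curl 7.62.0 (x86_64-redhat-linux-gnu) libcurl/7.62.0 OpenSSL/1.0.2k zlib/1.2.7"

# Live check (assumption: the curl on PATH is the build you want to verify).
if command -v curl >/dev/null 2>&1; then
    check_banner "$(curl --version)"
fi
```

The check looks only at the version string the binary reports, so a distribution package that backports fixes without changing its version will still show as vulnerable here.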
REFERENCES
For further references on the vulnerabilities, please visit the following sites, or contact us at any time.