cPanel EasyApache 3.26.8 Released

cPanel, Inc. has released EasyApache 3.26.8 with Curl version 7.38. This release addresses vulnerabilities related to CVE-2014-3613 and CVE-2014-3620.

AFFECTED VERSIONS
All versions of Curl 7.1 through 7.37.1

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2014-3613 – MEDIUM

Curl 7.38
Fixed bug in libcurl related to CVE-2014-0118.

CVE-2014-3620 – MEDIUM

Curl 7.38
Fixed bug in libcurl related to CVE-2014-0231.

SOLUTION
cPanel, Inc. has released EasyApache 3.26.8 with an updated version of Curl to correct these issues. Unless you have disabled EasyApache updates, EasyApache updates automatically. Run EasyApache to rebuild your profile with the latest version of Curl.

REFERENCES
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3613
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3620
http://curl.haxx.se/docs/security.html#20140910A

Tags :