SUMMARY
cPanel, Inc. has released updated RPMs for EasyApache 4 on November 7, 2017, with OpenSSL 1.0.2m. This release addresses vulnerabilities related to CVE-2017-3736 and CVE-2017-3735. We strongly encourage all OpenSSL users to upgrade to version 1.0.2m.
AFFECTED VERSIONS
All versions of OpenSSL through 1.0.2l
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
CVE-2017-3735 – LOW
OpenSSL 1.0.2m
Fix parse error in the IPAdressFamily extension related to CVE-2017-3735
CVE-2017-3736 – MEDIUM
OpenSSL 1.0.2m
Fix carry propagating bug in x86_64 Montgomery squaring procedure related to CVE-2017-3736
SOLUTION
cPanel, Inc. has released updated RPMs for EasyApache 4 on November 7, 2017, with an updated version of OpenSSL version 1.0.2m. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM’s Run System Update interface.
REFERENCES
https://nvd.nist.gov/vuln/detail/CVE-2017-3736
https://nvd.nist.gov/vuln/detail/CVE-2017-3735
https://www.openssl.org/news/secadv/20171102.txt