cPanel, Inc. has released EasyApache 3.26.8 with Curl version 7.38. This release addresses vulnerabilities related to CVE-2014-3613 and CVE-2014-3620.
AFFECTED VERSIONS
All versions of Curl 7.1 through 7.37.1
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
CVE-2014-3613 – MEDIUM
Curl 7.38
Fixed bug in libcurl related to CVE-2014-0118.
CVE-2014-3620 – MEDIUM
Curl 7.38
Fixed bug in libcurl related to CVE-2014-0231.
SOLUTION
cPanel, Inc. has released EasyApache 3.26.8 with an updated version of Curl to correct these issues. Unless you have disabled EasyApache updates, EasyApache updates automatically. Run EasyApache to rebuild your profile with the latest version of Curl.
REFERENCES
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3613
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3620
http://curl.haxx.se/docs/security.html#20140910A
