Administrator Posted March 20, 2014 Share Posted March 20, 2014 SUMMARYcPanel, Inc. has released EasyApache 3.24.13 with Apache version 2.4.9. This release addresses Apache vulnerabilities CVE-2014-0098 and CVE-2013-6438, by fixing bugs in the mod_log_config and mod_dav modules. We encourage all Apache users to upgrade to Apache version 2.4.9. AFFECTED VERSIONSAll versions of Apache version 2.4 before 2.4.9. SECURITY RATINGThe National Vulnerability Database (NIST) has given the following severity ratings to these CVEs: CVE-2014-0098 – MEDIUM Apache 2.4.9Fixed bug in the mod_log_config module related to CVE-2014-0098. CVE-2013-6438 – MEDIUM Apache 2.4.9Fixed bug in the mod_dav module related to CVE-2013-6438. SOLUTIONcPanel, Inc. has released EasyApache 3.24.13 with updated version of Apache version 2.4 to correct these issues. Unless you have disabled EasyApache updates, EasyApache will include the latest version of Apache automatically. Run EasyApache to rebuild your profile with the latest version of Apache. REFERENCEShttp://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0098http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6438http://httpd.apache.org/docs/trunk/new_features_2_4.html For the PGP-signed message, see EA3 CVE 3-24-13-signed. View the full article Link to comment Share on other sites More sharing options...
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!Register a new account
Already have an account? Sign in here.Sign In Now