In the May 2019 survey we received responses from 1,326,664,693 sites across 235,011,143 unique domain names and 8,726,985 web-facing computers. Although this reflects a gain of 1.12 million domains and 113,000 computers, there has been a loss of 119 million sites. This month’s relatively large drop in sites (-8.2%) includes a 10.3 million reduction in […]
Archive for May, 2019
The fourth edition of WordPress translation day is coming up on Saturday 11 May 2019: tomorrow! Get ready for a 24-hour, global marathon dedicated to localizing the WordPress platform and ecosystem. This event takes place both online and in physical locations across the world, so you can join no matter where you are! The WordPress […]
Debian: DSA-4441-1: symfony security update
Multiple vulnerabilities were discovered in the Symfony PHP framework which could lead to cache bypass, authentication bypass, information disclosure, open redirect, cross-site request forgery, deletion of arbitrary files, or arbitrary code execution.
Security and performance updates; fixes blocker with crashing httpd (BZ 1708248)
Multiple vulnerabilities were found in the BIND DNS server: CVE-2018-5743
Debian: DSA-4439-1: postgresql-9.6 security update
Dean Rasheed discovered that row security policies in the PostgreSQL database system could be bypassed. For additional information please refer to the upstream announcement
RedHat: RHSA-2019-1140:01 Important: Red Hat Single Sign-On 7.3.1 security
A security update is now available for Red Hat Single Sign-On 7.3 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
RedHat: RHSA-2019-1131:01 Important: freeradius security update
An update for freeradius is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
Fix for CVE-2019-5429
RedHat: RHSA-2019-1116:01 Important: redhat-virtualization-host security
An update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
RedHat: RHSA-2019-1046:01 Important: rhvm-setup-plugins security and bug
An update for rhvm-setup-plugins is now available for Red Hat Virtualization Engine 4.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
RedHat: RHSA-2019-1107:01 Important: Red Hat JBoss Enterprise Application
An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
RedHat: RHSA-2019-1108:01 Important: Red Hat JBoss Enterprise Application
An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
RedHat: RHSA-2019-1106:01 Important: Red Hat JBoss Enterprise Application
An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
[20190502] – Core – By-passing protection of Phar Stream Wrapper Interceptor
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 3.9.3 through 3.9.5
- Exploit type: Object Injection
- Reported Date: 2019-March-27
- Fixed Date: 2019-May-07
Description
In Joomla 3.9.3, the insecure-deserialization vulnerability triggered when executing Phar archives was addressed by removing the known attack vector from the Joomla core. To intercept file invocations such as file_exists or stat on compromised Phar archives, the archive's base name has to be determined and checked before the call is handed to PHP's Phar stream handling. The implementation used, however, is vulnerable to path traversal, leading to scenarios where the Phar archive being assessed is not the actual (compromised) file.
Affected Installs
Joomla! CMS versions 3.9.3 through 3.9.5
Solution
Upgrade to version 3.9.6
Contact
The JSST at the Joomla! Security Centre.
This update enforces that $LoadCode must be enabled in order to use the typeglob-evaluation feature, because with the typeglob feature you would otherwise be able to set the variable $YAML::LoadCode from a YAML file, which would be a security issue.
Version 5.2 of WordPress is available for download or update in your WordPress dashboard. New features in this update make it easier than ever to fix your site if something goes wrong. There are even more robust tools for identifying and fixing configuration issues and fatal errors. Whether you are a developer helping clients or you manage your site solo, these tools can help get you the right information when you need it.
Denis Andzakovic discovered two vulnerabilities in atftp, the advanced TFTP server, which could result in denial of service when malformed packets are sent.
[20190501] – Core – XSS in com_users ACL debug views
- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: Low
- Versions: 1.7.0 through 3.9.5
- Exploit type: XSS
- Reported Date: 2019-April-29
- Fixed Date: 2019-May-07
- CVE Number: CVE-2019-11809
Description
The debug views of com_users do not properly escape user supplied data, which leads to a potential XSS attack vector.
Affected Installs
Joomla! CMS versions 1.7.0 through 3.9.5
Solution
Upgrade to version 3.9.6
Contact
The JSST at the Joomla! Security Centre.
Joomla 3.9.6 is now available. This is a security fix release for the 3.x series of Joomla which addresses one security vulnerability and contains over 25 bug fixes and improvements.
RedHat: RHSA-2019-1024:01 Important: flatpak security update
An update for flatpak is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
RedHat: RHSA-2019-1021:01 Important: chromium-browser security update
An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
RedHat: RHSA-2019-1017:01 Important: ghostscript security update
An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
Restore s390x builds. —- 0.7.3.1
* Mouse cursor doubled on QEMU VNC on ppc64le (bz #1565253)
* CVE-2019-3840: NULL deref after running qemuAgentGetInterfaces (bz #1665229)
Security fix for CVE-2019-3885, CVE-2018-16877, CVE-2018-16878
Update to April 2019 CPU. See: http://mail.openjdk.java.net/pipermail/jdk-updates-dev/2019-April/000951.html
New upstream release with significantly reworked PKCS#11 support, GSSAPI key exchange and several fixes for CVE-2019-6111 and CVE-2019-6109