An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
Archive for January, 2020
e2fsprogs could be made to execute arbitrary code if it was running in a crafted ext4 partition.
USN-4247-1 introduced a regression in python-apt.
An update for kernel is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
Several security issues were fixed in zlib.
Several security issues were fixed in GraphicsMagick.
Several security issues were fixed in python-apt.
An update for libarchive is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
Update to enigmail 2.1.5. Includes a security fix for “Unsigned MIME parts displayed as signed”.
Multiple integer overflows have been discovered in the libtiff library and the included tools. For the stable distribution (buster), these problems have been fixed in
In the January 2020 survey we received responses from 1,295,973,827 sites across 249,618,033 unique domain names and 9,576,845 web-facing computers. This reflects a gain of 27.7 million sites, 5.86 million domains, and 146,000 computers.
Apache, nginx, and Microsoft all saw increases in their totals for number of domains in January 2020, although nginx showed by far the largest growth (+2.53 million), bringing its market share up to 25.8% and its total to 64,391,621 domains. Apache (+80,900) and Microsoft (+66,300) saw much smaller gains in comparison. An additional 2.18 million domains identified themselves as Cloudflare servers, an 11.3% increase since December, bringing the Cloudflare-exclusive server platform up to 21.4 million domains. LiteSpeed usage grew by 96,500 domains — a fairly consistent and strong 2.5% growth — giving it a new total of 3.97 million.
Looking instead over the span of the past year, Microsoft's domain count decreased by 12.1 million (-20.8%), whilst nginx grew by 12.5 million (+24.0%), partly due to a swing from Microsoft to nginx at GoDaddy seen in March. Apache's count of domains is largely the same as it was a year ago, only having shrunk slightly by 1.79 million domains (-2.4%).
The gains and losses in domains were matched by similar trends in active sites. The number of active sites seen by Netcraft in January 2020 increased to 189 million, up from 183 million the previous month. Around 1.99 million of the increase came from nginx, and 1.12 million from Cloudflare, increasing their respective totals by +5.7% and +6.6%. Apache and Microsoft, on the other hand, remained fairly stable this month, but both lost ground over the course of the year. LiteSpeed's active site count also continues to grow steadily, increasing by 149,000 (+3.1%) this month to reach 4.95 million.
By count of web-facing computers, Apache, nginx, and Microsoft all demonstrated gains, with nginx showing the most significant gain of 83,700 additional computers since December. Over the past year, nginx has grown by 771,000 computers (+33.2%), far in excess of Apache's 192,000 (+6.1%) and Microsoft's 105,000 (+6.8%) growths.
Windows Server 2008 End-of-life
On January 14, 2020 Microsoft ended support for Windows Server 2008 and Server 2008 R2. As a component of the operating system, versions of Microsoft's IIS (Internet Information Services) are tightly bound to the Windows versions they run on, with IIS/7.5 being the version integrated into Windows Server 2008 R2. As such, IIS/7.5 is similarly end-of-life and receives no further security fixes (outside Microsoft's paid Extended Security Updates program). Despite advance notice, and the availability of more modern versions, there is often a great deal of inertia preventing companies from upgrading operating system software before it falls out of support. As of January 2020, Netcraft counted 887,000 web-facing computers running Windows Server 2008 and 2008 R2, making them the most popular versions of Windows employed in the webserver market. Furthermore, over half of all counted Windows computers ran some end-of-life version of the Windows family of operating systems.
Turning to the use of IIS specifically, Netcraft found almost 2.85 million active sites running on IIS/7.5 – 32.5% of all active sites running on some version of IIS. Approximately 940,000 active sites run on even older versions of IIS. Within the top one million sites, 25,700 of the 77,800 sites running on IIS use an outdated version.
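As an added example, not part of the Netcraft article, the script below applies the IIS-to-Windows pairing the article relies on to a handful of constructed HTTP response heads and flags hosts whose Server header implies a Windows release that is out of support on a given date. The IIS/7.5 to Server 2008 R2 pairing and the 14 January 2020 date come from the text above; the remaining rows of the IIS_RELEASES table, the sample hostnames and the function names are this example's own assumptions.

```python
import re
from datetime import date
from typing import Dict, List, NamedTuple, Optional, Tuple

# Windows release each IIS version is bound to, with the end of that release's
# extended support. The article gives the IIS/7.5 - Server 2008 R2 pairing and
# the 14 January 2020 date; the remaining rows are this example's assumptions
# taken from Microsoft's lifecycle documentation and should be re-checked there.
IIS_RELEASES: Dict[str, Tuple[str, Optional[date]]] = {
    "5.0": ("Windows 2000", date(2010, 7, 13)),
    "5.1": ("Windows XP", date(2014, 4, 8)),
    "6.0": ("Windows Server 2003", date(2015, 7, 14)),
    "7.0": ("Windows Server 2008", date(2020, 1, 14)),
    "7.5": ("Windows Server 2008 R2", date(2020, 1, 14)),
    "8.0": ("Windows Server 2012", date(2023, 10, 10)),
    "8.5": ("Windows Server 2012 R2", date(2023, 10, 10)),
    "10.0": ("Windows Server 2016 and later", None),
}

# "Microsoft-IIS/7.5"; the version part is optional because admins can hide it.
_IIS_RE = re.compile(r"Microsoft-IIS(?:/(\d+(?:\.\d+)?))?", re.IGNORECASE)


class Finding(NamedTuple):
    host: str
    server: Optional[str]       # raw Server header value, None if absent
    iis_version: Optional[str]  # "7.5"; "unknown" if hidden; None if not IIS
    windows: Optional[str]
    end_of_life: bool           # True only when the bound release is known to be unsupported


def server_header(raw_head: bytes) -> Optional[str]:
    """Return the first Server header value in a response head, or None.

    Field names are case-insensitive (RFC 7230); obsolete line folding is
    not handled in this example.
    """
    for line in raw_head.split(b"\r\n")[1:]:   # [0] is the status line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"server":
            return value.strip().decode("latin-1")
    return None


def classify(host: str, raw_head: bytes, as_of: date = date(2020, 1, 14)) -> Finding:
    """Map one response head to the IIS version and Windows release it implies."""
    server = server_header(raw_head)
    if server is None:
        return Finding(host, None, None, None, False)
    m = _IIS_RE.search(server)
    if m is None:
        return Finding(host, server, None, None, False)
    version = m.group(1)
    if version is None:
        return Finding(host, server, "unknown", None, False)
    if "." not in version:
        version += ".0"                          # "7" -> "7.0"
    windows, eol = IIS_RELEASES.get(version, (None, None))
    return Finding(host, server, version, windows, eol is not None and eol <= as_of)


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Counts in the shape the article reports: IIS hosts and how many are outdated."""
    iis = [f for f in findings if f.iis_version is not None]
    return {
        "total": len(findings),
        "iis": len(iis),
        "iis_end_of_life": sum(1 for f in iis if f.end_of_life),
        "iis_version_hidden": sum(1 for f in iis if f.iis_version == "unknown"),
        "no_server_header": sum(1 for f in findings if f.server is None),
    }


# Constructed response heads standing in for a scan; the hostnames are made up.
SAMPLE_HEADS: Dict[str, bytes] = {
    "legacy.example": b"HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/7.5\r\nX-Powered-By: ASP.NET\r\n\r\n",
    "old.example": b"HTTP/1.1 200 OK\r\nserver: Microsoft-IIS/6.0\r\n\r\n",
    "current.example": b"HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/10.0\r\n\r\n",
    "hidden.example": b"HTTP/1.1 200 OK\r\nServer: Microsoft-IIS\r\n\r\n",
    "proxied.example": b"HTTP/1.1 200 OK\r\nServer: nginx\r\nVia: 1.1 edge\r\n\r\n",
    "quiet.example": b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n",
}


def audit(heads: Dict[str, bytes] = SAMPLE_HEADS, as_of: date = date(2020, 1, 14)) -> List[Finding]:
    return [classify(host, raw, as_of) for host, raw in heads.items()]


if __name__ == "__main__":
    for f in audit():
        print(f"{f.host:18} {str(f.server):22} {str(f.windows):30} eol={f.end_of_life}")
    print(summarize(audit()))
```

A Server header can be rewritten, stripped or added by a reverse proxy, so a hidden or missing version is reported as unknown rather than as current, and a hit here is a prompt to check the host directly, not proof of its patch level.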
Vendor news
LiteSpeed Technologies released versions 1.6.5 and 1.5.11 of their open source OpenLiteSpeed web server. The updates introduce improvements to caching performance, security, and stability. The updates also see OpenLiteSpeed move to version 2.8.3 of lsquic, LiteSpeed's C implementation of the experimental QUIC and HTTP/3 transport protocols.
Nginx released version 1.14.0 of their Nginx Unit dynamic application server, providing additional features and bug fixes. Nginx also released a minor bugfix update for the open source edition of the main nginx web server product.
The Apache Tomcat project has released updated versions for each supported release of its Java HTTP server and Servlet container software. Versions 9.0.30, 8.5.50 and 7.0.99 include various fixes and updates.

Total sites by web server developer, December 2019 to January 2020 (Change is in percentage points of market share):

Developer | December 2019 | Percent | January 2020 | Percent | Change |
---|---|---|---|---|---|
nginx | 479,072,656 | 37.77% | 488,628,547 | 37.70% | -0.07 |
Apache | 308,978,570 | 24.36% | 310,833,084 | 23.98% | -0.38 |
Microsoft | 185,084,122 | 14.59% | 181,873,181 | 14.03% | -0.56 |
 | 37,290,465 | 2.94% | 39,081,956 | 3.02% | 0.08 |
An update for python-reportlab is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
An update for apache-commons-beanutils is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
PySAML2 could be made to bypass signature verification with arbitrary data.
Several security issues were fixed in Samba.
Updates the nss package to upstream NSS 3.49. For details about new functionality and a list of bugs fixed in this release please see the upstream release notes * https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.49_release_notes
Fixes: A maliciously corrupted file system can trigger buffer overruns in the quota code used by e2fsck. (Addresses CVE-2019-5094) E2fsck now checks to make sure the casefold flag is only set on directories, and only when the casefold feature is enabled. E2fsck will not disable the low dtime checks when using a backup superblock where the last mount time is zero. This fixes a
Update to Linux v5.4.12 —- Update to Linux v5.4.11
This update fixes a minor security vulnerability ([`LD_PREFER_MAP_32BIT_EXEC` not ignored in setuid binaries](https://bugzilla.redhat.com/show_bug.cgi?id=1774682)) and addresses a long-standing bug where missing shared objects could cause crashes due to incorrectly handled `dlopen` failures (RHBZ#1395758). The latter fix also causes
Lukas Kupczyk reported a vulnerability in the handling of chunked HTTP in openconnect, an open client for Cisco AnyConnect, Pulse and GlobalProtect VPN. A malicious HTTP server (after its identity certificate has been accepted) can provide bogus chunk lengths for chunked HTTP
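The advisory above concerns a client that trusts the chunk lengths a server announces. As an added example, not openconnect's code, the decoder below shows the checks a chunked-transfer client needs before using an announced length: the chunk-size line is bounded to eight hex digits before it is parsed, every length is checked against a per-chunk cap, a total-body cap and the bytes actually received, and the CRLF framing and trailer section are verified. The caps, the sample responses and the function names are this example's own assumptions.

```python
import re

# Caps are this example's own choices, not openconnect's: a chunk above
# MAX_CHUNK or a body above MAX_BODY is refused before any byte is copied.
MAX_CHUNK = 1 << 20   # 1 MiB per chunk
MAX_BODY = 8 << 20    # 8 MiB decoded total

# chunk-size = 1..8 hex digits, optional ";ext" list, CRLF (RFC 7230 section 4.1).
# Limiting the digit count bounds the integer before it is ever compared or used.
_CHUNK_HEAD = re.compile(rb"([0-9A-Fa-f]{1,8})(?:;[^\r\n]*)?\r\n")


class ChunkedDecodeError(ValueError):
    """Malformed chunked framing, or an announced length beyond the caps."""


def decode_chunked(data: bytes, max_chunk: int = MAX_CHUNK, max_body: int = MAX_BODY) -> bytes:
    """Decode a complete chunked body, validating each announced length before use."""
    out = bytearray()
    pos = 0
    while True:
        m = _CHUNK_HEAD.match(data, pos)
        if m is None:
            raise ChunkedDecodeError(f"malformed chunk-size line at offset {pos}")
        size = int(m.group(1), 16)
        pos = m.end()
        if size == 0:
            break                                   # last-chunk
        # The announced length is untrusted until all four checks pass.
        if size > max_chunk:
            raise ChunkedDecodeError(f"chunk of {size} bytes exceeds cap of {max_chunk}")
        if len(out) + size > max_body:
            raise ChunkedDecodeError("decoded body would exceed cap")
        if pos + size + 2 > len(data):
            raise ChunkedDecodeError("announced length runs past the received data")
        if data[pos + size:pos + size + 2] != b"\r\n":
            raise ChunkedDecodeError("chunk data not terminated by CRLF")
        out += data[pos:pos + size]
        pos += size + 2
    # Trailer section: zero or more header lines, then an empty line.
    while True:
        nl = data.find(b"\r\n", pos)
        if nl == -1:
            raise ChunkedDecodeError("truncated trailer section")
        if nl == pos:
            pos += 2
            break
        pos = nl + 2
    if pos != len(data):
        raise ChunkedDecodeError(f"{len(data) - pos} stray bytes after the final CRLF")
    return bytes(out)


def body_of(raw_response: bytes) -> bytes:
    """Split a raw HTTP response at the end of the head; returns the still-chunked body."""
    _head, sep, body = raw_response.partition(b"\r\n\r\n")
    if not sep:
        raise ChunkedDecodeError("response has no end-of-headers line")
    return body


def rejects(data: bytes, **caps: int) -> bool:
    """True if decode_chunked refuses the body (convenience for checks and tests)."""
    try:
        decode_chunked(data, **caps)
    except ChunkedDecodeError:
        return True
    return False


# Constructed responses, not captured traffic. The hostile one announces
# 0x7fffffff bytes for a chunk that actually carries five.
GOOD_RESPONSE = (
    b"HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n"
    b"4;name=val\r\nWiki\r\n5\r\npedia\r\n0\r\nX-Checksum: abc\r\n\r\n"
)
HOSTILE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n"
    b"4\r\nWiki\r\n7fffffff\r\npedia\r\n0\r\n\r\n"
)

if __name__ == "__main__":
    print(decode_chunked(body_of(GOOD_RESPONSE)))      # b'Wikipedia'
    print(rejects(body_of(HOSTILE_RESPONSE)))          # True
```

The order of the checks matters: the size is compared against the caps and against the bytes on hand before anything is copied, so a server that has already passed TLS authentication still cannot make the client act on a length it did not receive.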
Several security issues were fixed in libbsd.
“You can’t go wrong with Plesk” – An Interview with Softaculous
Several security issues were fixed in Sysstat.
Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, incorrect implementation of Kerberos GSSAPI and TGS requests or incorrect TLS handshakes.
Multiple issues have been found in cacti, a server monitoring system, potentially resulting in SQL code execution or information disclosure by authenticated users.
Update to 79.0.3945.117. Fixes CVE-2020-6377. —- Security fix for CVE-2019-13767. —- Update to Chromium 79. Fixes the usual giant pile of bugs and security issues. This time, the list is: CVE-2019-13725 CVE-2019-13726 CVE-2019-13727 CVE-2019-13728 CVE-2019-13729 CVE-2019-13730 CVE-2019-13732 CVE-2019-13734 CVE-2019-13735 CVE-2019-13764 CVE-2019-13736 CVE-2019-13737
Update to Rack 2.0.8.