Ubuntu 4291-1: mod-auth-mellon vulnerability
libapache2-mod-auth-mellon could be made to redirect users to malicious sites.
libapache2-mod-auth-mellon could be made to redirect users to malicious sites.
libpam-radius-auth could be made to crash if it received specially crafted network traffic.
An update for python-pillow is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
An update for python-pillow is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
The post A Plesk Journey: Told By Our Two Longest-serving Employees appeared first on Plesk.
Fix for CVE-2020-7105 hiredis: NULL pointer dereference in async.c and dict.c
Resolves: #1795838, #1802904 – Security fix for CVE-2020-8945
Fix for CVE-2020-7105 hiredis: NULL pointer dereference in async.c and dict.c
Resolves: #1795838, #1802904 – Security fix for CVE-2020-8945
* Always use a light theme for rendering form controls. * Fix several crashes and rendering issues. * Security fixes: CVE-2020-3862, CVE-2020-3864, CVE-2020-3865, CVE-2020-3867, CVE-2020-3868
Ilja Van Sprundel reported a logic flaw in the Extensible Authentication Protocol (EAP) packet parser in the Point-to-Point Protocol Daemon (pppd). An unauthenticated attacker can take advantage of this flaw to trigger a stack-based buffer overflow, leading to denial of service
– New upstream release (73.0.1)
This update backports a patch for CVE-2020-8112.
It was discovered that pysaml2, a Python implementation of SAML to be used in a WSGI environment, was susceptible to XML signature wrapping attacks, which could result in a bypass of signature verification.
Multiple security issues were discovered in Pillow, a Python imaging library, which could result in denial of service and potentially the execution of arbitrary code if malformed PCX, FLI, SGI or TIFF images are processed.
As mentioned in this post, Matt will host a livestream on February 22 during Bangkok daylight hours. He opened an invitation to any speaker who was affected by the cancellation, and the livestream will include the following fine people: Imran Sayed, Md Saif Hassan, Muhammad Muhsin, Nirav Mehta, Piccia Neri, Umar Draz, and Francesca Marano […]
cPanel continues to move towards a more modern user interface framework to provide the best product experience possible. That’s why we are going to start shifting away from Internet Explorer 11, starting with Version 88. This change not only offers a better user experience, but it also allows us to be more efficient in our development process. We are encouraging cPanel Partners and users to discontinue the use of IE11 as their primary web browser …
An update for python-pillow is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
An update for thunderbird is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
An update for systemd is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
In the February 2020 survey we received responses from 1,260,909,305 sites across 254,192,929 unique domains and 9,564,965 web-facing computers. This reflects a loss of 35.1 million sites and 11,900 computers, but a gain of 4.57 million domains.
The largest swings this month were seen for nginx. Despite losing 28.7 million sites and 64,500 web-facing computers, nginx excelled in other metrics this month, including a 3.06 million increase in unique domain count and a 675,000 increase in active sites count, building upon its rapid growth from last month.
Apache increased its share of the sites market this month by 0.53 percentage points, owed largely to the aforementioned drop in sites for nginx. This comes despite a drop of 1.77 million sites for Apache. Apache also lost 187,000 domains and 97,500 active sites this month. Apache did, however, gain an extra 6,400 web-facing computers. Apache is presently the most commonly used web server in terms of domains, active sites, and computers, and also has the greatest portion of the top one million busiest sites. The only metric in which it is currently beaten is the relatively unstable total count of sites (hostnames), for which nginx currently holds first place.
Microsoft saw modest growth in its counts of active sites (+193,000), web-facing computers (+9,890), and domains (+536,000). Microsoft saw a reduction of 2.65 million sites, but, like Apache, was left with an increase in its market share overall.
Apache released versions 7.0.100, 8.5.51, and 9.0.31 of its Tomcat Java Servlet software. The updates, which are largely the same across the major versions, include fixes, improvements, and some refactoring. Coyote, the HTTP connector component of Apache Tomcat, was found serving around 325,000 domains this month.
NGINX released an update for NGINX Unit, their open source dynamic application server, adding support for Ruby 2.7 and addressing a number of bugs.
Developer | January 2020 | Percent | February 2020 | Percent | Change |
---|---|---|---|---|---|
nginx | 488,628,547 | 37.70% | 459,966,569 | 36.48% | -1.22 |
Apache | 310,833,084 | 23.98% | 309,061,300 | 24.51% | 0.53 |
Microsoft | 181,873,181 | 14.03% | 179,225,073 | 14.21% | 0.18 |
39,081,956 | 3.02% | 40,120,733 | 3.18% | 0.17 |
Several security issues were fixed in Squid.
ppp could be made to crash or run programs if it received specially crafted network traffic.
An update for ksh is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
rhbz#1784216, python3-remoto —- Security fix for CVE-2020-1699
– dovecot updated to 2.3.9.3 – fixes CVE-2020-7046: Truncated UTF-8 can be used to DoS submission-login and lmtp processes. – fixes CVE-2020-7957: Specially crafted mail can crash snippet generation.
* Always use a light theme for rendering form controls. * Fix several crashes and rendering issues. * Security fixes: CVE-2020-3862, CVE-2020-3864, CVE-2020-3865, CVE-2020-3867, CVE-2020-3868
– dovecot updated to 2.3.9.3 – fixes CVE-2020-7046: Truncated UTF-8 can be used to DoS submission-login and lmtp processes. – fixes CVE-2020-7957: Specially crafted mail can crash snippet generation.
Open Liberty 20.0.0.2 Runtime is now available from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
Red Hat OpenShift Container Platform release 3.11.170 is now available with updates to packages and images that fix several bugs. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
58 queries. 9.5 mb Memory usage. 0.655 seconds.