Ubuntu 4291-1: mod-auth-mellon vulnerability
libapache2-mod-auth-mellon could be made to redirect users to malicious sites.
libpam-radius-auth could be made to crash if it received specially crafted network traffic.
An update for python-pillow is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
An update for python-pillow is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
Fix for CVE-2020-7105 hiredis: NULL pointer dereference in async.c and dict.c
Resolves: #1795838, #1802904 – Security fix for CVE-2020-8945
* Always use a light theme for rendering form controls.
* Fix several crashes and rendering issues.
* Security fixes: CVE-2020-3862, CVE-2020-3864, CVE-2020-3865, CVE-2020-3867, CVE-2020-3868
Ilja Van Sprundel reported a logic flaw in the Extensible Authentication Protocol (EAP) packet parser in the Point-to-Point Protocol Daemon (pppd). An unauthenticated attacker can take advantage of this flaw to trigger a stack-based buffer overflow, leading to denial of service
– New upstream release (73.0.1)
This update backports a patch for CVE-2020-8112.
It was discovered that pysaml2, a Python implementation of SAML to be used in a WSGI environment, was susceptible to XML signature wrapping attacks, which could result in a bypass of signature verification.
Multiple security issues were discovered in Pillow, a Python imaging library, which could result in denial of service and potentially the execution of arbitrary code if malformed PCX, FLI, SGI or TIFF images are processed.
As mentioned in this post, Matt will host a livestream on February 22 during Bangkok daylight hours. He opened an invitation to any speaker who was affected by the cancellation, and the livestream will include the following fine people: Imran Sayed, Md Saif Hassan, Muhammad Muhsin, Nirav Mehta, Piccia Neri, Umar Draz, and Francesca Marano […]
cPanel continues to move towards a more modern user interface framework to provide the best product experience possible. That’s why we are going to start shifting away from Internet Explorer 11, starting with Version 88. This change not only offers a better user experience, but it also allows us to be more efficient in our development process. We are encouraging cPanel Partners and users to discontinue the use of IE11 as their primary web browser …
An update for python-pillow is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
An update for thunderbird is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
An update for systemd is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
In the February 2020 survey we received responses from 1,260,909,305 sites across 254,192,929 unique domains and 9,564,965 web-facing computers. This reflects a loss of 35.1 million sites and 11,900 computers, but a gain of 4.57 million domains.
The largest swings this month were seen for nginx. Despite losing 28.7 million sites and 64,500 web-facing computers, nginx excelled in other metrics this month, including a 3.06 million increase in unique domain count and a 675,000 increase in active sites count, building upon its rapid growth from last month.
Apache increased its share of the sites market this month by 0.53 percentage points, owed largely to the aforementioned drop in sites for nginx. This comes despite a drop of 1.77 million sites for Apache. Apache also lost 187,000 domains and 97,500 active sites this month. Apache did, however, gain an extra 6,400 web-facing computers. Apache is presently the most commonly used web server in terms of domains, active sites, and computers, and also has the greatest portion of the top one million busiest sites. The only metric in which it is currently beaten is the relatively unstable total count of sites (hostnames), for which nginx currently holds first place.
Microsoft saw modest growth in its counts of active sites (+193,000), web-facing computers (+9,890), and domains (+536,000). Microsoft saw a reduction of 2.65 million sites, but, like Apache, was left with an increase in its market share overall.
Apache released versions 7.0.100, 8.5.51, and 9.0.31 of its Tomcat Java Servlet software. The updates, which are largely the same across the major versions, include fixes, improvements, and some refactoring. Coyote, the HTTP connector component of Apache Tomcat, was found serving around 325,000 domains this month.
NGINX released an update for NGINX Unit, their open source dynamic application server, adding support for Ruby 2.7 and addressing a number of bugs.
| Developer | January 2020 | Percent | February 2020 | Percent | Change |
|---|---|---|---|---|---|
| nginx | 488,628,547 | 37.70% | 459,966,569 | 36.48% | -1.22 |
| Apache | 310,833,084 | 23.98% | 309,061,300 | 24.51% | 0.53 |
| Microsoft | 181,873,181 | 14.03% | 179,225,073 | 14.21% | 0.18 |
| | 39,081,956 | 3.02% | 40,120,733 | 3.18% | 0.17 |
Several security issues were fixed in Squid.
ppp could be made to crash or run programs if it received specially crafted network traffic.
An update for ksh is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
rhbz#1784216, python3-remoto - Security fix for CVE-2020-1699
– dovecot updated to 2.3.9.3
– fixes CVE-2020-7046: Truncated UTF-8 can be used to DoS submission-login and lmtp processes.
– fixes CVE-2020-7957: Specially crafted mail can crash snippet generation.
Open Liberty 20.0.0.2 Runtime is now available from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
Red Hat OpenShift Container Platform release 3.11.170 is now available with updates to packages and images that fix several bugs. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score,