Two vulnerabilities have been discovered in Unbound, a recursive-only caching DNS server; a traffic amplification attack against third party authoritative name servers (NXNSAttack) and insufficient sanitisation of replies from upstream servers could result in denial of service via
Archive for May, 2020
Several vulnerabilities were discovered in Drupal, a fully-featured content management framework, which could result in an open redirect or cross-site scripting.
An update for Red Hat Data Grid is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
Several security issues were fixed in Thunderbird.
An update for rh-maven35-jackson-databind is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
In the May 2020 survey we received responses from 1,238,024,212 sites across 261,192,350 unique domains and 9,892,834 web-facing computers. This reflects a gain of 224,000 computers and 1.10 million domains, but a loss of 8.10 million sites.
nginx lost the greatest number of sites, with 14.2 million fewer than in April, but conversely had by far the greatest increases in unique domain names (+1.50 million, +2.02%), and web-facing computers (+137,000, +4.43%) this month. OpenResty, which is based on nginx, also saw a large 237,000 domain count increase to reach 7.15 million – the second largest increase in domains for any vendor this month.
Apache had losses in most metrics, dropping 244,000 domains. It did, however, come away with 6.88 million more sites and 45,000 more computers this month than last. Apache still leads in the active sites, computers, and top one million sites metrics.
Microsoft lost out on all metrics this month, dropping by 5.08 million sites and 175,000 unique domains. Both Apache and Microsoft have been on slow long-term downward trends in most metrics. Although they have both increased their count of web-facing computers over time, nginx has seen much stronger growth in comparison. Despite running on a 17.9% share of domain names and 16.4% share of computers, Microsoft holds a much smaller 4.72% share of active sites.
LiteSpeed currently serves 4.20 million domains, giving it a 1.61% market share. It has a slightly higher 1.88% share amongst the top one million sites. LiteSpeed has seen consistent growth, and has had a 23.3% domain count growth over the last 12 months.
Vendor News
Nginx released a new stable version of the nginx web server. nginx version 1.18.0 incorporates additional features which have been introduced in the mainline 1.17.x nginx versions over time. Nginx also released version 1.17.0 of the Nginx Unit application server.
LiteSpeed released new 1.6.13 and 1.7.1 versions of their OpenLiteSpeed web server, introducing bug fixes, security features, updates from their LSQUIC library, CentOS 8 support, and more.


Developer | April 2020 | Percent | May 2020 | Percent | Change |
---|---|---|---|---|---|
nginx | 459,886,788 | 36.91% | 445,724,550 | 36.00% | -0.90 |
Apache | 308,143,708 | 24.73% | 315,019,262 | 25.45% | 0.72 |
Microsoft | 160,121,865 | 12.85% | 155,042,311 | 12.52% | -0.33 |
| | 42,648,748 | 3.42% | 44,304,867 | 3.58% | 0.16 |
An update for openvswitch is now available in Fast Datapath for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
An update for openvswitch2.11 is now available for Fast Datapath for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
Exclude arch s390x on el8 ---- Update from upstream
### python-markdown2 2.3.9 ###
- [pull #335] Added header support for wiki tables
- [pull #336] Reset _toc when convert is run
- [pull #353] XSS fix
- [pull #350] XSS fix
The 5.6.14 stable kernel update contains a number of important fixes across the tree
Georgi Guninski and the Qualys Research Labs discovered multiple vulnerabilities in qmail (shipped in Debian as netqmail with additional patches) which could result in the execution of arbitrary code, bypass of mail address verification and a local information leak whether a file
Security fix for CVE-2018-1285
Update to 8.10 release (CVE-2020-12823)
**PHP version 7.3.18** (14 May 2020)

**Core:**
* Fixed bug php#78875 (Long filenames cause OOM and temp files are not cleaned). (**CVE-2019-11048**) (cmb)
* Fixed bug php#78876 (Long variables in multipart/form-data cause OOM and temp files are not cleaned). (**CVE-2019-11048**) (cmb)
* Fixed bug php#79434 (PHP 7.3 and PHP-7.4 crash with NULL-pointer dereference on !CS constant). (Nikita)
Update to Ruby 2.6.6. Also fixes CVE-2020-10933 and CVE-2020-10663.
Two vulnerabilities have been discovered in PDNS Recursor, a resolving name server; a traffic amplification attack against third party authoritative name servers (NXNSAttack) and insufficient validation of NXDOMAIN responses lacking an SOA.
Several security issues were fixed in ClamAV.
Several security issues were fixed in QEMU.
Several security issues were fixed in libvirt.
Several security issues were fixed in ClamAV.
An update for dotnet3.1 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
An update for rh-dotnet31-dotnet is now available for .NET Core on Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
New upstream release with fixes for CVEs and other enhancements.
Several security issues were fixed in the Linux kernel.
New upstream release with fixes for CVEs and other enhancements.
Several vulnerabilities were discovered in the Dovecot email server, which could cause crashes in the submission, submission-login or lmtp services, resulting in denial of service.