Fedora 32: php-PHPMailer 2020-06e87e71fe
Fix CVE-2020-13625 vulnerability.
Fix CVE-2020-13625 vulnerability.
This release fixes security issue CVE-2020-13999 .
This update fixes multiple vulnerabilities in Imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or potentially the execution of arbitrary code if malformed image files are processed.
An update for the virt:rhel module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
An update for the virt:rhel module is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
Online shopping has surged since lockdown started in March. Many of us, looking to be healthier, have headed online for sports equipment and a number of sportswear retailers have reported booming online sales. John Lewis recorded a 72% increase in total sports shoe sales, while Adidas and Puma have both seen an increase in ecommerce revenue.
Shoppers browsing online for the best deals, however, need to take care, as many people would be surprised at the scale of fake shops. Each day we find new fake shops designed to entice shoppers away from bona fide outlets, as many brands have yet to find effective countermeasures.
Counterfeit shoes, clothing and other accessories are estimated to lose the industry more than €26 billion each year in the EU alone, while the loss due to all online counterfeiting is estimated at $323 billion a year. The OECD estimated that over 3% of all imports worldwide are counterfeit.
Traditionally fake shops claim to sell luxury consumer goods at highly discounted prices. We have seen fake shops using at least three different models:
We are currently block around 75,000 fake shops in our extension and apps. Of these, roughly half target a specific brand, such as Nike or Adidas. About 70% of the fake shops selling branded goods sell shoes, predominantly trainers.
Corroborating this, European customs authorities handle more cases of counterfeit sports shoes than any other type of product.
Several vulnerabilities were discovered in coturn, a TURN and STUN server for VoIP. CVE-2020-4067
An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
Mailman could be made to inject arbitrary content in the login page if it received a specially crafted input.
An update for jenkins-2-plugins is now available for Red Hat OpenShift Container Platform 4.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet.
Special Register Buffer speculative side channel [XSA-320]
A vulnerability was discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in denial of service via malformed HTTP/2 headers.
– avoid overwriting a local file with -J (CVE-2020-8177) – fix partial password leak over DNS on HTTP redirect (CVE-2020-8169)
The future of brick and mortar shops has been changing into a hybrid of traditional and digital, and the current health crisis is fast-tracking the digital experience. As the stay-home orders came in, and only essential business could remain open with some others slowly opening with restrictions, the e-commerce industry and digital brands went into overdrive. Brick-and-Mortar retailers traditionally offer products and services to their customers face-to-face in a storefront that gives them a unique advantage over …
Security fix for CVE-2020-0548, CVE-2020-0549, CVE-2020-0543 —- Security fixes for CVE-2020-0548, CVE-2020-0549, CVE-2020-0543
– New upstream release – Actually reload the DFU device after upgrade has completed – Capture the dock SKU in report metadata – Correctly set the Logitech device protocol – Do not use shim for non-secure boot configurations – Ensure that the DeviceID is set for child devices – Fix an error when detaching MSP430 – Fix the DeviceID set by GetDetails – Force the prometheus minor version from
Update to latest upstream version.
This release fixes a number of issues found in the 4.1 branch.
Security fix for CVE-2020-13790
https://gitlab.com/sane-project/backends/-/releases
Although Apache and NGINX are both web servers, they approach the task of serving web pages differently. Each has advantages and trade-offs, which prompts the question: can I use NGINX with cPanel? The short answer is yes, you can use NGINX with cPanel; however, its integration is a little tricky. Let’s explore the ways cPanel users can take advantage of NGINX’s strengths, and look at how we are working to make NGINX a viable alternative …
Several security issues were fixed in the NVIDIA graphics driver kernel modules.
Several security issues were fixed in NVIDIA graphics drivers.
An update for nghttp2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
Red Hat AMQ Broker 7.7 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
In the June 2020 survey we received responses from 1,224,760,416 sites across 262,406,750 unique domains and 10,042,047 web-facing computers. This reflects a gain of 1.21 million domains and 149,000 computers, but a loss of 13.3 million sites.
Microsoft lost the largest number of sites – more than 20 million – taking its total down by 13% to 135 million. This has decreased its market share by 1.51 percentage points to 11.0%. Apache also suffered a sizable loss of 10.7 million sites, decreasing its total to 304 million and taking its share down by 0.60 points to 24.8%.
nginx continues to lead with a total of 449 million sites, an increase of 2.95 million since last month. Coupled with the other major vendors’ losses, this has increased nginx’s market share by 0.63 points to 36.6%.
nginx also showed the largest computer growth, with 115,000 more computers taking its total up to 3.35 million and putting it only 76,000 computers away from Apache’s leading total.
While nginx looks set to soon become the largest vendor in terms of computers – possibly even by next month – celebrations by F5 Networks are likely to be marred by the latest developments in the dispute over the ownership of the nginx web server source code: it is now being sued by Lynwood Investments, who claim it owns the software.
The latest move comes after police raids on the offices of nginx and the home of one of its co-founders, Igor Sysoev, in December 2019. Russian search engine and e-commerce service provider, Rambler, alleged the webserver was developed while Igor Sysoev was a Rambler employee. Rambler transferred the rights to pursue the dispute to Lynwood Investments.
Meanwhile, nginx has also extended its recent new lead in the domains metric, with it now being used to host sites across 1.82 million more domains than last month.
Google was the only major vendor to gain active sites this month – a 2.12% increase to 19.3 million – and LiteSpeed was the only one to increase its presence among the top million websites, where it now has a share of 1.92%.
nginx 1.19.0 mainline was announced on 26 May. This first release in the 1.19.* stream adds client certificate validation with OCSP, as well as a few bug fixes. The latest stable version is still 1.18.0, which was released in April. The difference between these two release streams is that the mainline branch is where new features are added, while the stable branches receive only security and bug fixes. This gives the stable releases a fixed feature set, which increases compatibility with third-party modules.
Developer | May 2020 | Percent | June 2020 | Percent | Change |
---|---|---|---|---|---|
nginx | 445,724,550 | 36.00% | 448,673,487 | 36.63% | 0.63 |
Apache | 315,019,262 | 25.45% | 304,288,405 | 24.84% | -0.60 |
Microsoft | 155,042,311 | 12.52% | 134,874,928 | 11.01% | -1.51 |
44,304,867 | 3.58% | 43,449,240 | 3.55% | -0.03 |
This release contains bug fixes only (which includes security fixes): – Increase cache buffers size to accomodate VLAN edits (#594) – Correct L2 header length to correct IP header offset (#583) – Fix warnings from gcc version 10 (#580) – Heap Buffer Overflow in randomize_iparp (#579) – Use after free in get_ipv6_next (#578) – Heap Buffer Overflow in git_ipv6_next (#576) – Call
**horde 5.2.23** * [mjr] SECURITY: Fix javascript injection vulnerability in mobile login page. * [mjr] Fix broken cloud search in portal block.
58 queries. 9 mb Memory usage. 1.383 seconds.