# July 2020 OpenJDK security update for OpenJDK 8

Full release notes: https://bitly.com/oj8u262

## New features

* [JDK-8223147](https://bugs.openjdk.java.net/browse/JDK-8223147): JFR Backport

## Security fixes

– JDK-8028431, CVE-2020-14579: NullPointerException in DerValue.equals(DerValue)
– JDK-8028591, CVE-2020-14578:
Archive for July, 2020
Several security issues were fixed in MySQL.
# July 2020 OpenJDK security update for OpenJDK 11

Full release notes: https://bitly.com/openjdk1108

## Security fixes

– JDK-8230613: Better ASCII conversions
– JDK-8231800: Better listing of arrays
– JDK-8232014: Expand DTD support
– JDK-8233234: Better Zip Naming
– JDK-8233239, CVE-2020-14562: Enhance TIFF support
– JDK-8233255: Better Swing Buttons
ClamAV 0.102.4 is a bug patch release to address the following issues: CVE-2020-3350
WordPress 5.5 Beta 4
WordPress 5.5 Beta 4 is now available! This software is still in development, so it’s not recommended to run this version on a production site. Consider setting up a test site to play with the new version. You can test WordPress 5.5 Beta 4 in two ways: Try the WordPress Beta Tester plugin (choose the […]
Several security issues were fixed in the Linux kernel.
An update for atomic-openshift, atomic-openshift-web-console, and cri-o is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
Several security issues were fixed in ClamAV.
SQLite could be made to crash or run programs if it processed a specially crafted query.
An update is now available for Red Hat support for Spring Boot. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
In the July 2020 survey we received responses from 1,234,228,567 sites across 260,658,118 unique domains and 10,221,919 web-facing computers. This represents a gain of 9.47 million sites and 180,000 computers, but a loss of 1.75 million domains.
Most of the major server vendors saw gains in total sites this month: Apache gained 9.8 million sites after a loss of roughly the same size last month, while Microsoft and nginx gained 5.4 million and 2.5 million sites respectively. LiteSpeed continued to see strong growth, gaining 1.95 million new sites this month. Although LiteSpeed still holds only 2.17% of the market, that is up from 1.62% at the start of the year.
nginx showed the highest growth in terms of domains, gaining 200,000. Losses of 1.1 million domains for Microsoft and 998,000 for Apache have further boosted nginx’s lead in this metric, and it now stands around 30 million domains ahead with a 29.8% (+0.27 pp) market share.
nginx also showed the highest growth in web-facing computers, with an increase of 97,000 taking its total to 3.5 million and leaving it just 9,000 computers (0.09 pp of market share) shy of Apache, the current leader. Apache has consistently had the highest number of web-facing computers since Netcraft began tracking the metric in 2007, but has slowly been losing market share – primarily to nginx. Microsoft trails in third position with a total of 1.6 million web-facing computers, around half that of nginx and Apache.
New vendor releases
LiteSpeed announced the first release candidate of LiteSpeed Web Server 6.0 on 17 July. This release brings several major new features such as support for conditionals in Apache configuration files, asynchronous execution of the mod_security Web Application Firewall, and sandboxed execution environments for PHP and CGI scripts. It also adds support for the latest HTTP/3 specification, draft 29. LiteSpeed has historically been fast to adopt new draft versions of HTTP/2 and HTTP/3, often implementing support within a month of a new draft’s release.
nginx 1.19.1 mainline was announced on 7 July with a few minor changes and bugfixes – mainline being the release stream which receives new feature updates. Alongside this, nginx released version 0.4.2 of njs, a custom subset of JavaScript which allows nginx’s functionality to be extended. This release adds new regular expression and filesystem methods to the language, in addition to bugfixes.
| Developer | June 2020 | Percent | July 2020 | Percent | Change (pp) |
|---|---|---|---|---|---|
| nginx | 448,673,487 | 36.63% | 451,156,878 | 36.55% | -0.08 |
| Apache | 304,288,405 | 24.84% | 314,054,523 | 25.45% | 0.60 |
| Microsoft | 134,874,928 | 11.01% | 140,264,332 | 11.36% | 0.35 |
|  | 43,449,240 | 3.55% | 44,290,430 | 3.59% | 0.04 |
Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, bypass of access/sandbox restrictions or information disclosure.
0.9.24 release
It was discovered that incorrect memory handling in the SLIRP networking implementation could result in denial of service or potentially the execution of arbitrary code.
Avoid infinite loop when reading specially crafted TAR files (CVE-2019-20907)
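The changelog line above refers to the Python `tarfile` module. The following is an added example, not code from the page or from the CPython project: it builds a well-formed archive and an archive whose first member is a pax extended header carrying a record with a declared length of 0, then inspects both through a reader that caps member count, declared total size and member paths. The crafted header is a reconstruction from the public upstream fix for CVE-2019-20907 (the added check in `TarInfo._proc_pax` that rejects a pax record length of 0, which previously left the parse position unchanged); that reconstruction, the caps and the function names (`build_plain_tar`, `build_zero_length_pax_tar`, `inspect_untrusted_tar`, `probe`) are this example's assumptions. The caps only bound the work done on well-formed input; they cannot stop a hang inside the header parser itself, so on a patched interpreter the crafted archive is rejected with `tarfile.ReadError`, and on an unpatched one it would still hang.

```python
import io
import tarfile


def build_plain_tar(members):
    """Build a well-formed uncompressed tar in memory from (name, bytes) pairs.
    Constructed sample input for this example."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, content in members:
            ti = tarfile.TarInfo(name)
            ti.size = len(content)
            tf.addfile(ti, io.BytesIO(content))
    return buf.getvalue()


def build_zero_length_pax_tar():
    """Constructed archive: one pax extended header (typeflag 'x') whose data
    block holds the record b"0 a=\\n", i.e. a record declaring length 0.

    Assumption: this mirrors the condition checked by the upstream fix for
    CVE-2019-20907, where a zero-length pax record never advanced the parse
    position. A patched tarfile raises InvalidHeaderError for it, which
    tarfile.open() surfaces as ReadError; verify against your Lib/tarfile.py.
    """
    record = b"0 a=\n"
    ti = tarfile.TarInfo("pax-header")
    ti.type = tarfile.XHDTYPE          # b"x": pax extended header
    ti.size = len(record)
    header = ti.tobuf(tarfile.USTAR_FORMAT)   # 512-byte header, valid checksum
    data = record + b"\0" * (tarfile.BLOCKSIZE - len(record))
    end_of_archive = b"\0" * (2 * tarfile.BLOCKSIZE)
    return header + data + end_of_archive


def inspect_untrusted_tar(blob, max_members=1000, max_total_bytes=64 * 1024 * 1024):
    """Return [(name, size), ...] for an untrusted uncompressed tar.

    Enforces a member cap, a cap on the declared total size, and a path check
    (no absolute paths, no '..' components). Header-level malformation is left
    to tarfile itself and propagates as tarfile.ReadError.
    """
    members = []
    total = 0
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:") as tf:
        for ti in tf:  # headers are read lazily, one member per iteration
            if len(members) >= max_members:
                raise ValueError("too many members")
            if ti.name.startswith("/") or ".." in ti.name.split("/"):
                raise ValueError("unsafe member path: %r" % ti.name)
            total += ti.size
            if total > max_total_bytes:
                raise ValueError("declared size exceeds limit")
            members.append((ti.name, ti.size))
    return members


def probe(blob, **caps):
    """Classify one archive as ("ok", members) or ("rejected", reason)."""
    try:
        return ("ok", inspect_untrusted_tar(blob, **caps))
    except tarfile.ReadError as e:
        return ("rejected", "malformed: %s" % e)
    except ValueError as e:
        return ("rejected", str(e))


if __name__ == "__main__":
    print(probe(build_plain_tar([("hello.txt", b"hello")])))
    print(probe(build_zero_length_pax_tar()))
    print(probe(build_plain_tar([("a", b"x"), ("b", b"y"), ("c", b"z")]), max_members=2))
    print(probe(build_plain_tar([("../etc/passwd", b"x")])))
```

For defense in depth against parser-level hangs that no caller-side cap can catch, run the inspection in a separate process with a wall-clock timeout and a memory limit, and treat a timeout as a rejection.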
Rebase to upstream release 1.2.1.
Add patch to bump W_MAX_BYTES to 8.
Several security issues were fixed in LibVNCServer.
An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 6, 7, and 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6, 7, and 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
Spam is a huge challenge for anyone who hosts email, even though users only see a tiny fraction of the spam they’re sent. Most unwanted messages never reach inboxes, but an incredible 54 percent of all email traffic is spam, and that’s down from 70 percent a decade ago. The good thing is ISPs and hosting providers are better at stamping out spammers, and users are more aware of the risks. Still, hundreds of billions …
An update is now available for Red Hat JBoss Enterprise Application Platform 7.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
An update is now available for Red Hat JBoss Enterprise Application Platform 7.2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
Several security issues were fixed in OpenJDK.
Red Hat AMQ Broker 7.4.4 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
Pillow could be made to crash if it opened a specially crafted file.
An update is now available for Red Hat build of Thorntail. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each
An update for samba is now available for Red Hat Gluster Storage 3.5 on Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which