It was discovered that IPython, an enhanced interactive Python shell, executed config files from the current working directory, which could result in cross-user attacks if run from a directory multiple users may write to.
An update for samba is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
An update for samba is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
ldns could be made to expose sensitive information if it received a specially crafted input.
Netcraft’s most recent Web Server Survey includes nearly 1.2 billion websites. Most of these sites return a server banner that shows which web server software they use, thus allowing us to determine the market shares of each server vendor since 1995.
Many of these server banners are simply short strings like “Apache”, while others may include additional details that reveal which other software – and which versions – are installed on the server. One such example is “Apache/2.2.32 (Unix) mod_ssl/2.2.32 OpenSSL/1.0.2k-fips DAV/2 PHP/5.5.38”.
Chrome’s Network Inspector showing the HTTP response headers for wordpress.com, which uses the nginx web server. It does not reveal a version number.
A web server reveals its server banner via the Server HTTP response header. This string is not ordinarily exposed to users, but most browsers allow it to be viewed in the Network Inspector panel.
Web server software usually allows its server banner to be modified. A common reason for changing the default value is to reduce the amount of information that would be revealed to an attacker.
For example, if a web server advertises itself as running a vulnerable version of Apache, such as “Apache/2.4.49” it could be more likely to come under attack than a server that reveals only “Apache”.
Our Web Server Survey includes a few websites that return the following Server header, which takes a deliberate swipe at the effectiveness of hiding this sort of information:
Server: REMOVED FOR PCI SCAN COMPLIANCE - SECURITY THROUGH OBSCURITY WORKS, RIGHT? - https://bit.ly/2nzfRrtOf course, with this amount of flexibility, a cheeky or malicious administrator can configure a web server to pretend to be anything they want. Sometimes this is done in a deliberate attempt to cloak the truth or to mislead, while in others it may simply be done as a joke waiting to be found by anyone curious enough to look for the banner.
Amongst the 1.2 billion websites, there are plenty of examples of unlikely server banners.
– Update cargo-insta to version 1.11.0. – Update the insta crate to version 1.11.0. – Update the ron crate to version 0.7.0. – Introduce a compat package for ron versions 0.6.x. – Update the similar-asserts crate to version 1.2.0. – Update the similar crate to version 2.1.0.
– Update cargo-insta to version 1.11.0. – Update the insta crate to version 1.11.0. – Update the ron crate to version 0.7.0. – Introduce a compat package for ron versions 0.6.x. – Update the similar-asserts crate to version 1.2.0. – Update the similar crate to version 2.1.0.
Fix for CVE-2021-32765
Security fixes for CVE-2022-0351, CVE-2022-0359 —- Security fixes for CVE-2022-0213, CVE-2022-0261
The update for prosody released as DSA 5047 introduced a memory leak. Updated prosody packages are now available to correct this issue. For the oldstable distribution (buster), this problem has been fixed
It was discovered that missing input sanitising in python-nbxmpp, a Jabber/XMPP Python library, could result in denial of service in clients based on it (such as Gajim).
# New in release OpenJDK 17.0.2 (2022-01-18): Live versions of these release notes can be found at: * https://bitly.com/openjdk1702 * https://builds.shipilev.net/backports-monitor/release-notes-17.0.2.txt ## Security fixes – JDK-8251329: (zipfs) Files.walkFileTree walks infinitely if zip has dir named “.” inside – JDK-8264934, CVE-2022-21248: Enhance cross VM
update to version 2.10 and enable OCV CVE-2022-23303
As a web hoster, sysadmin, or general site owner, keeping your sites and servers healthy is your daily number-one priority. But this involves having your eyes and ears on every aspect of your business, 24/7. Most small to medium businesses don’t have the resources to manage this without error. That’s why all (smart) web pros depend on monitoring solutions to act as their complete, full-time detection system. Site monitoring provides an ideal set of tools to track performance and user experience, but just as important is your own server monitoring kit. Because keeping your servers healthy is the basis of…
The post Top Server & Site Monitoring Tools, Compared appeared first on Plesk.
* fix CVE-2021-44716 * fix CVE-2021-43813 * use HMAC-SHA-256 instead of SHA-1 to generate password reset tokens
The Red Hat build of OpenJDK 8 (java-1.8.0-openjdk) is now available for portable Linux. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
The Red Hat build of OpenJDK 8 (java-1.8.0-openjdk) is now available for Windows. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
Several security issues were fixed in Vim.
* fix CVE-2021-44716 * fix CVE-2021-43813 * use HMAC-SHA-256 instead of SHA-1 to generate password reset tokens
Several security issues were fixed in WebKitGTK.
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
Updated container images that fix various bugs are now available for Red Hat OpenShift Container Storage 3.11 Update 9 in the Red Hat Container Registry. Red Hat Product Security has rated this update as having a security impact
An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
GNU cpio could be made to crash or run programs if it opened a specially crafted file.
Several security issues were fixed in shadow.
Security fix for CVE-2021-4122.
Security fix for CVE-2021-4034
Two vulnerabilities were discovered in uriparser, a library that parses Uniform Resource Identifiers (URIs), which may result in denial of service or potentially in the the execution of arbitrary code.
58 queries. 8.75 mb Memory usage. 1.350 seconds.