Remove executable permissions from scripts in /usr/shar
Archive for January, 2022
Security fix for CVE-2021-34363
Download to test the third Release Candidate (RC3) for WordPress 5.9.
Byobu could be made to expose sensitive information.
Oracle Critical Patch Update Advisory – January 2022
Several security issues were fixed in Ruby.
RedHat: RHSA-2022-0163:01 Important: Cryostat security update
Updated RHEL-8 based Cryostat container images are now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
RedHat: RHSA-2022-0164:03 Important: Red Hat Single Sign-On 7.5.1 for
A new image is available for Red Hat Single Sign-On 7.5.1, running on OpenShift Container Platform 3.10 and 3.11, and 4.9. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score,
Plesk WordPress Toolkit 5.9 Release Now Available
The last major WordPress Toolkit release in 2021, v5.9.0, is now officially available for Plesk. This quick release adds more site vulnerability goodness with a number of important bug fixes. As there have already been major developments in the 5.8 release, this newest update is building on those existing features.

Site Vulnerability: Policies. It’s hugely beneficial that you can now update or disable vulnerable WordPress assets in WordPress Toolkit once you learn that they’re vulnerable. However, you must log in and perform these actions manually, even if it’s not a convenient time for you. To make life easier…
The post Plesk WordPress Toolkit 5.9 Release Now Available appeared first on Plesk.
Trends Review: The Rise of ARM Architecture
With the release of Plesk Obsidian 18.0.41 we are excited to announce ARM Architecture support, available for Ubuntu 20 as a Beta version only. Currently, you can obtain a VPS with the Plesk Panel on Graviton2 processors by using Plesk AWS AMI image in just a click. That said, by using the Plesk Panel on VPSes with ARM CPUs, you can reduce costs on server resources while maintaining high performance. Overall, we have identified that the interest in ARM processors on the server market has rocketed over the last two years. Therefore, we are thrilled to share with you why we…
The post Trends Review: The Rise of ARM Architecture appeared first on Plesk.
Several security issues were fixed in Pillow.
RedHat: RHSA-2022-0143:03 Important: httpd security update
An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
WP Briefing: Episode 23: A letter from WordPress’ Executive Director
As we greet a new year, WordPress’ Executive Director writes a letter to the project and community that speaks to the hopes of the year ahead. Have a question you’d like answered? You can submit them to [email protected], either written or as a voice recording. Credits Editor: Dustin Hartzler Logo: Beatriz Fialho Production: Chloé Bringmann Song: Fearless First […]
In the January 2022 survey we received responses from 1,167,715,133 sites across 269,835,071 unique domains and 11,700,892 web-facing computers. This reflects a loss of 1.15 million sites, but a gain of 1.51 million domains and 31,100 computers.
nginx lost 7.33 million sites this month (-1.91%) but continues to be the most commonly used web server with 32.3% of all sites using it. Although nginx’s share has fallen, Apache is still more than eight percentage points behind after losing 3.70 million sites (-1.31%), which has taken its own market share down to 23.9%.
nginx also leads in the domains metric, where it has a share of 26.6% compared with Apache’s 23.9%. This reflects a small reduction in nginx’s share – despite a modest gain of 25,400 domains – while Apache suffered the largest loss of 287,000 domains.
The largest site and domain growth was seen by Pepyaka, which is a web server that has primarily been used by the Wix web development platform since it switched from using nginx in 2018. The number of sites using Pepyaka grew by 4.02 million to 7.30 million this month, while its domain count went up by 1.80 million to 3.30 million.
The next largest domain growth was seen by OpenResty, which gained 686,000 domains this month, and 1.34 million sites in total. The second largest site growth was seen by Microsoft, which gained 2.46 million sites and now accounts for 4.86% of all sites and 5.00% of all domains.
Constraining the view to active sites, Apache is still the most commonly used web server, but its market share has fallen slightly to 23.4% after losing more than half a million active sites this month. Meanwhile, nginx gained 230,000 active sites and has increased its share to 20.2%.
Apache also maintains a slight lead in the top million websites, where it is used by 235,000 sites compared with 222,000 for nginx. However, Cloudflare has increased its presence by a further 4,959 sites and is now not too far behind with a total of 191,000. If this trend continues, Cloudflare could soon overtake both nginx and Apache to become the most commonly used top-million web server.
Looking at web-facing computers, nginx’s strong growth continues unabated. This month it is being used by an additional 32,700 web-facing computers and its market share has increased to 37.7%. Its lead over Apache was further extended by Apache’s loss of 29,100 computers, which sent Apache’s share down to 29.9%.
Vendor news
- Apache 2.4.52 was released on 20 December 2021. This is the latest release from the 2.4.x stable branch and includes two security fixes amongst a host of other changes.
- Apache Tomcat 9.0.56, 10.0.14 and 10.1.0-M8 (alpha) were released on 8 December 2021. Each of these versions includes a fix for a known operating system bug that could cause incoming connections to be reported more than once.
- nginx 1.21.5 was released on 28 December 2021. This is the latest release in the mainline branch of nginx and is now built with the PCRE2 library by default.
- njs 0.7.1 was also released on 28 December 2021. This release includes several bugfixes and some other changes to ensure that njs scripts use the same regular expression library as nginx.
- Microsoft has mitigated an insecure default behaviour in the Azure App Service that inadvertently exposed hundreds of source code repositories. The team that found the vulnerability noted that it had existed since September 2017 and has probably been exploited in the wild. The problem could have impacted PHP, Node, Ruby, Python and Java applications that serve static content, as well as some Azure App Service Linux applications that were deployed using Local Git after files were created or modified in the content root.
- Cloudflare has introduced a new product called Bulk Redirects, which lets website administrators upload and enable large numbers of URL redirects. These were typically implemented with Page Rules before, which are limited to a maximum of 125 redirects.
- OpenResty 1.21.4.1 RC1 was released on 16 December 2021. This version is based on nginx 1.21.4 and adds several new features including support for BoringSSL.
Developer | December 2021 | Percent | January 2022 | Percent | Change (percentage points) |
---|---|---|---|---|---|
nginx | 384,347,394 | 32.88% | 377,019,054 | 32.29% | -0.60 |
Apache | 283,409,491 | 24.25% | 279,709,815 | 23.95% | -0.29 |
OpenResty | 78,902,138 | 6.75% | 80,238,470 | 6.87% | 0.12 |
Cloudflare | 59,904,450 | 5.13% | 60,881,028 | 5.21% | 0.09 |
Update to 1.12.3. Fixes these two security issues:
- CVE-2021-43860 or https://github.com/flatpak/flatpak/security/advisories/GHSA-qpjc-vq3c-572j
- CVE-2022-21682 or https://github.com/flatpak/flatpak/security/advisories/GHSA-8ch7-5j3h-g4fx
Full release notes: https://github.com/flatpak/flatpak/releases/tag/1.12.3
Fedora 35: python-kombu 2022-1dae017601
- kombu 5.2.3: https://github.com/celery/kombu/blob/master/Changelog.rst#523
- celery 5.2.3: https://github.com/celery/celery/blob/master/Changelog.rst#523
Security fix for CVE-2021-4122
Fedora 35: mingw-uriparser 2022-cfd0048127
Update to 0.9.6, see https://github.com/uriparser/uriparser/blob/uriparser-0.9.6/ChangeLog for details.
Fedora 35: python-celery 2022-1dae017601
- kombu 5.2.3: https://github.com/celery/kombu/blob/master/Changelog.rst#523
- celery 5.2.3: https://github.com/celery/celery/blob/master/Changelog.rst#523
Debian: DSA-5048-1: libreswan security update
It was discovered that the libreswan IPsec implementation could be forced into a crash/restart via a malformed IKEv1 packet, resulting in denial of service.
Debian: DSA-5047-1: prosody security update
Matthew Wild discovered that the WebSockets code in Prosody, a lightweight Jabber/XMPP server, was susceptible to denial of service. For the oldstable distribution (buster), this problem has been fixed
The 5.15.14 stable kernel update contains a number of important fixes across the tree.
Debian: DSA-5046-1: chromium security update
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
Debian: DSA-5045-1: thunderbird security update
Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. For the oldstable distribution (buster), these problems have been fixed
RedHat: RHSA-2022-0063:06 Moderate: kernel security and bug fix update
An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
RedHat: RHSA-2022-0074:03 Important: samba security update
An update for samba is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
RedHat: RHSA-2022-0108:03 Moderate: ansible-runner security and bug fix
An update is now available for ansible-runner for Red Hat Ansible Automation Platform 2.0. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
Fedora 34: python-cvxopt 2022-0b587f0fa9
Security fix for CVE-2021-41500. Upstream notes for version 1.2.7 read: “Bug fixes, Python 3.10 compatibility”.