The People of WordPress feature this month shares the story of engineer and developer Tonya Mork.
Archive for February, 2022
Ubuntu 5309-1: virglrenderer vulnerabilities
Several security issues were fixed in virglrenderer.
In the February 2022 survey we received responses from 1,173,621,471 sites across 271,199,972 unique domains and 11,774,714 web-facing computers. This reflects a gain of 5.91 million sites, 1.36 million domains and 73,800 computers.
OpenResty experienced the strongest growth this month, both in overall sites and domains, with increases of 10.4 million sites and 546,000 domains. This represents a large 13.0% increase in its number of sites, but a more modest 1.4% increase in domains. Its market share in the domains metric now stands at 15.1%, an increase of 0.13 percentage points since January.
nginx closely followed OpenResty with a growth of 538,000 domains, helping it to maintain its leading 26.7% market share. nginx also saw strong growth in web-facing computers, which increased by 53,500. In contrast to its gains in these metrics, nginx lost 12.1 million sites this month (-3.2%); however, it retains its position as the most commonly used web server, with 31.1% of all sites using it.
Cloudflare continues to make strong gains amongst the million busiest websites, where it saw the only notable increases, with an additional 3,200 sites helping to bring its market share up to 19.4%. Apache, Microsoft and nginx all experienced losses in this metric; however, Apache and nginx still hold the top two positions with market shares of 23.3% and 22.1%.
Vendor news
- Apache Tomcat 9.0.59, 10.0.17 and 10.1.0-M11 (alpha) were released on 28 February 2022. Some of the notable changes are common to all three versions, including resolving a regression in a fix for a race condition, and improving the detection of the Linux duplicate accept bug.
- nginx 1.21.6 mainline was released on 25 January 2022. This version contains three bugfixes and no new features.
- njs 0.7.2 was also released with several core bugfixes on 25 January 2022. njs is the subset of the JavaScript language that can be used to extend nginx functionality.
- Cloudflare has agreed to acquire Area 1 Security with the intention of integrating Area 1’s technology into its global network to protect customers from email-based security threats.
- Lighttpd 1.4.64 was released on 19 January 2022. This release contains numerous changes, including a security fix for a buffer overflow vulnerability that would have been unlikely to affect most configurations.
Developer | January 2022 | Percent | February 2022 | Percent | Change |
---|---|---|---|---|---|
nginx | 377,019,054 | 32.29% | 364,956,731 | 31.10% | -1.19 |
Apache | 279,709,815 | 23.95% | 277,928,961 | 23.68% | -0.27 |
OpenResty | 80,238,470 | 6.87% | 90,652,376 | 7.72% | 0.85 |
Cloudflare | 60,881,028 | 5.21% | 62,423,819 | 5.32% | 0.11 |
Several security issues were fixed in QEMU.
Ubuntu 5306-1: WebKitGTK vulnerabilities
Several security issues were fixed in WebKitGTK.
Ubuntu 5305-1: MariaDB vulnerabilities
Several security issues were fixed in MariaDB.
Ubuntu 5304-1: PolicyKit vulnerability
policykit-1 could be made to crash if it received specially crafted data.
The 5.16.11 stable kernel update contains a number of important fixes across the tree.
Debian: DSA-5087-1: cyrus-sasl2 security update
It was discovered that the SQL plugin in cyrus-sasl2, a library implementing the Simple Authentication and Security Layer, is prone to a SQL injection attack. An authenticated remote attacker can take advantage of this flaw to execute arbitrary SQL commands and for
RedHat: RHSA-2022-0682:01 Important: Red Hat OpenShift GitOps security
An update for openshift-gitops-applicationset-container, openshift-gitops-container, openshift-gitops-kam-delivery-container, and openshift-gitops-operator-container is now available for Red Hat OpenShift GitOps 1.3 on OCP 4.7-4.9. (GitOps v1.3.4)
Security fix for CVE-2022-0554; Security fixes for CVE-2022-0714, CVE-2022-0729; Security fix for CVE-2022-0696; Security fix for CVE-2022-0629; Security fix for CVE-2022-0572; Security fixes for CVE-2022-0408, CVE-2022-0413, CVE-2022-0393, CVE-2022-0417, CVE-2022-0443; Security fix for CVE-2022-0685
Security fix for CVE-2021-0561
The 5.16.11 stable kernel update contains a number of important fixes across the tree.
virtiofsd: Drop membership of all supplementary groups (CVE-2022-0358)
Fedora 34: java-11-openjdk 2022-477401b0f7
# New in release OpenJDK 11.0.14.1 (2022-02-08): Live versions of these release notes can be found at: * https://bitly.com/openjdk110141 * https://builds.shipilev.net/backports-monitor/release-notes-11.0.14.1.txt # Changes * [JDK-8218546](https://bugs.openjdk.java.net/browse/JDK-8218546): Unable to connect to https://google.com using java.net.HttpClient —- # New
Security fix for https://www.gnutls.org/security-new.html#GNUTLS-SA-2022-01-17
The newest upstream commit — Security fixes for CVE-2022-0714, CVE-2022-0729
RedHat: RHSA-2022-0565:01 Important: OpenShift Container Platform 4.6.55
Red Hat OpenShift Container Platform release 4.6.55 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.6.
The 5.16.10 stable kernel update contains a number of important fixes across the tree.
New version 3.6.2, security fix for CVE-2022-0581, CVE-2022-0582, CVE-2022-0583, CVE-2022-0585, CVE-2022-0586
RedHat: RHSA-2022-0672:01 Moderate: ruby:2.5 security update
An update for the ruby:2.5 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
Updated Paper Lantern Removal Schedule
Back in August of 2021, we announced the deprecation of Paper Lantern. Today we’re updating the schedule for the final stage: its removal. In the previous deprecation schedule, we planned a series of changes across 3 versions: 100, 102 LTS, and 104. With 100 and 102 LTS changes already happening, we are now delaying the removal of Paper Lantern from 104 to 108. In version 108 (debuting Q3-Q4 of 2022): We will remove the Paper Lantern theme from …
The post Updated Paper Lantern Removal Schedule first appeared on cPanel Blog.
RedHat: RHSA-2022-0665:01 Important: python-pillow security update
An update for python-pillow is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
RedHat: RHSA-2022-0669:01 Important: python-pillow security update
An update for python-pillow is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
RedHat: RHSA-2022-0666:01 Important: cyrus-sasl security update
An update for cyrus-sasl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
RedHat: RHSA-2022-0555:01 Important: OpenShift Container Platform 3.11.634
Red Hat OpenShift Container Platform release 3.11.634 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
RedHat: RHSA-2022-0668:01 Important: cyrus-sasl security update
An update for cyrus-sasl is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
RedHat: RHSA-2022-0667:01 Important: python-pillow security update
An update for python-pillow is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
USN-5292-1 introduced a regression in snapd.
Debian: DSA-5086-1: thunderbird security update
An out-of-bounds write was discovered in Thunderbird, which could be triggered via a malformed email message. For the oldstable distribution (buster), this problem has been fixed