Several security issues were fixed in curl.
Archive for June, 2022
Update to 102.0.5005.115. Fixes: CVE-2022-1633 CVE-2022-1634 CVE-2022-1635 CVE-2022-1636 CVE-2022-1637 CVE-2022-1638 CVE-2022-1639 CVE-2022-1640 CVE-2022-1641 CVE-2022-1853 CVE-2022-1854 CVE-2022-1855 CVE-2022-1856 CVE-2022-1857 CVE-2022-1858 CVE-2022-1859 CVE-2022-1860 CVE-2022-1861 CVE-2022-1862 CVE-2022-1863 CVE-2022-1864 CVE-2022-1865 CVE-2022-1866
Fedora 36: golang-github-vultr-govultr-2 2022-e674d52438
Update govultr/vultr-cli - Update to latest
- fix unpreserved file permissions (CVE-2022-32207)
- fix Set-Cookie denial of service (CVE-2022-32205)
- fix HTTP compression denial of service (CVE-2022-32206)
- fix FTP-KRB bad message verification (CVE-2022-32208)
x86: MMIO Stale Data vulnerabilities [XSA-404, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166]
– Update to new upstream (102.0)
In the June 2022 survey we received responses from 1,146,976,964 sites across 273,010,403 unique domains and 12,224,786 web-facing computers. This reflects a loss of 8.75 million sites and 583,000 domains, but a gain of 155,000 computers.
Cloudflare experienced strong growth this month, gaining 2.99 million sites and 85,000 domains, representing a 4.64% growth in its number of sites. Cloudflare experienced a significant outage on 21 June, impacting around half of the total requests made to its network. The outage lasted around an hour and a half and affected a significant number of popular sites. 20.2% of the million most visited sites rely on Cloudflare (up 1,400 sites since last month).
The three largest vendors by the million most visited sites metric—Apache, nginx, and Cloudflare—all have similar market share, though only Cloudflare gained market share this month. Apache saw the largest loss, dropping 2,190 sites (-0.96%), while nginx lost 280 sites (-0.13%).
LiteSpeed gained a significant number of sites with an addition of 2.96 million (+5.89%), and gained 171,000 (+2.21%) domains – the second largest increase this month. The number of web-facing computers using LiteSpeed also showed strong growth, increasing by 4,460 (+3.44%) to a total of 134,000.
nginx and Apache remain the two largest server vendors, though both saw similar losses of 6.52 million (-1.84%) and 6.18 million (-2.33%) sites this month. Despite this, nginx gained 795,000 (+1.06%) domains and saw continued growth in the number of web-facing computers with 158,000 (+3.44%) computers. Conversely, Apache lost 1.07 million domains (-1.71%) and 25,700 (-0.74%) web-facing computers.
Vendor news
- Apache httpd 2.4.54 was released on 8 June 2022. This release resolves multiple security issues, including several that affect mod_lua.
- nginx 1.23.0 was released on 21 June 2022. This is the first release in the 1.23.x mainline branch which will include newly developed features and bug fixes. By comparison, the 1.22.x stable branch released last month will only receive major bug fixes from the 1.23 mainline release. The update includes several changes that affect headers in addition to several bug fixes.
- njs 0.7.5 was also released on 21 June alongside nginx 1.23.0. njs is nginx’s JavaScript-based scripting language, and this update includes several small changes affecting headers in addition to bug fixes.
- Lighttpd 1.4.65 was released on 7 June 2022, bringing with it an implementation of WebSockets over HTTP/2. The release also includes an announcement of future scheduled behaviour changes that include using strong, modern TLS cipher suites by default.
- Apple announced support for Private Access Tokens in upcoming releases of iOS and macOS. This is part of the Privacy Pass standard, a collaboration between Apple, Google, and Cloudflare that can replace CAPTCHAs across the web by providing a secure way for the device to attest that it is an authentic device.
- Google Cloud recently added five new regional data centers, taking the total number of available GCP regions to 34. The new regions added were in Columbus, OH; Madrid; Dallas, TX; Milan; and Paris.
Developer | May 2022 | Percent | June 2022 | Percent | Change |
---|---|---|---|---|---|
nginx | 354,871,628 | 30.71% | 348,349,326 | 30.37% | -0.33 |
Apache | 265,688,420 | 22.99% | 259,509,062 | 22.63% | -0.36 |
OpenResty | 92,848,366 | 8.03% | 92,789,967 | 8.09% | 0.06 |
Cloudflare | 64,369,545 | 5.57% | 67,355,920 | 5.87% | 0.30 |
Several security issues were fixed in Vim.
In this series, we share some of the inspiring stories of how WordPress and its global network of contributors can change people’s lives for the better. This month we feature Leo Gopal, from South Africa, a back-end Developer and Customer Support agent on the encouragement and learning support the WordPress community can give. Writing as […]
Ubuntu 5497-1: Libjpeg6b vulnerabilities
Several security issues were fixed in Libjpeg6b.
Update to 91.11.0
– Update to new upstream (102.0)
Security fixes for CVE-2022-2124, CVE-2022-2129, CVE-2022-2125, CVE-2022-2126, CVE-2022-1720, CVE-2022-2175, CVE-2022-2182, CVE-2022-2183, CVE-2022-2231, CVE-2022-2210, CVE-2022-2208, CVE-2022-2207, CVE-2022-2206
cloud-init could be made to expose sensitive information.
Debian: DSA-5172-1: firefox-esr security update
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or spoofing.
Security fix for CVE-2022-1292. Upgrade to 1.1.1o, #2095817. See https://www.openssl.org/news/secadv/20220503.txt.
RedHat: RHSA-2022-5216:01 Important: kpatch-patch security update
An update for kpatch-patch is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
RedHat: RHSA-2022-5219:01 Important: kpatch-patch security update
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
RedHat: RHSA-2022-5239:01 Moderate: 389-ds-base security, bug fix,
An update for 389-ds-base is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
RedHat: RHSA-2022-5220:01 Important: kernel security and bug fix update
An update for kernel is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
RedHat: RHSA-2022-5214:01 Important: kpatch-patch security update
An update for kpatch-patch is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
RedHat: RHSA-2022-5224:01 Important: kernel-rt security and bug fix update
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
uboot-tools-2022.04-2:
- Fixes for Pine64 Pinebook Pro
- Fix for CVE-2022-30767 (NFSv2)
- Fix for CVE-2018-25032 (zlib)

Why the long face? Having trouble with Laravel? You’re in luck because hosting Laravel applications with Plesk becomes easy as pie! Read on to learn all about it.
- Install Your Laravel application
- Configure Your Laravel Application
- Manage Your Laravel Application
- Troubleshoot Your Laravel Application
- Deploy Your Laravel Application

Are we missing anything? Let us know! To save your time for things that matter, we came up with the Laravel Toolkit, a Plesk extension that makes hosting Laravel applications a breeze. So, what can it do? Create a simple Laravel application with just a few clicks. No need to install anything…
The post Laravel Application Hosting in Plesk appeared first on Plesk.
WP Briefing: Episode 34: WordPress 6.1 is Coming!
Join WordPress Executive Director Josepha Haden Chomphosy as she covers planning for major releases and how you can get involved in the 6.1 release cycle!
Debian: DSA-5170-1: nodejs security update
Multiple vulnerabilities were discovered in Node.js, which could result in HTTP request smuggling, a bypass of certificate verification or prototype pollution.
Debian: DSA-5171-1: squid security update
Multiple security issues were discovered in the Squid proxy caching server: CVE-2021-28116
Several security issues were fixed in curl.
Ubuntu 5494-1: SpiderMonkey JavaScript Library vulnerabilities
Several security issues were fixed in SpiderMonkey JavaScript Library.
RedHat: RHSA-2022-5189:01 Important: RHACS 3.70 security update
Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes bug and security fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,