nvme: Fix DMA reentrancy use-after-free (CVE-2021-3929)
Archive for September 22nd, 2022
Fedora 36: thunderbird 2022-feb7bdf6b2
Update to 102.3.0 ; https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/ ; https://www.thunderbird.net/en-US/thunderbird/102.3.0/releasenotes/
In the September 2022 survey we received responses from 1,129,251,133 sites across 271,625,260 unique domains, and 12,252,171 web-facing computers. This month all three metrics have decreased since August, with a loss of 5.82 million sites, 115,512 unique domains and 113,356 web-facing computers.
nginx had the largest increase in web-facing computers, gaining 28,887 (+0.56%) this month. OpenResty had the second largest increase, gaining 6,008 (+3.54%) web-facing computers, along with a gain of 339,813 (+0.86%) domains and 149,893 (+2.35%) active sites. Google showed strong growth in all metrics, with an increase of 5,127 web-facing computers, 211,135 (+8.83%) domains, and 895,225 (+4.71%) active sites.
Within the top million busiest sites, Apache lost 0.21pp of its market share. Despite this, it continues to be the most commonly used web server in the top million. nginx also continued its long-term downward trend, but lost only 0.14pp, further closing the gap between Apache and nginx. The gap now stands at 4,499 sites, a decrease of 13.8% since last month. Meanwhile, Cloudflare’s growth continues, with its market share in the top million increasing by 0.25pp.
Apache also experienced a loss in overall market share, losing 414,684 (-0.94%) active sites and 18,156 computers (-0.49%). The only other developers to lose active sites were Microsoft and nginx, with losses of 58,443 (-1.01%) and (-0.10%) respectively.
LiteSpeed’s market share continues to increase at a steady rate, with it gaining 92,704 (+1.14%) domains and 70,146 (+0.73%) active sites this month.
Vendor news
- njs 0.7.7, the scripting language used to extend nginx, was released on 30 August 2022, with new features and bug fixes.
- Lighttpd 1.4.67 was released, with a variety of bug fixes.
- Amazon AWS opened a new region in the United Arab Emirates. This is the second AWS region in the Middle East, joining the existing region in Bahrain.
- Microsoft’s Windows Server 2022 is now generally available.
- Cloudflare published an article about the development of its purpose-built HTTP proxy, Pingora.
Developer | August 2022 | Percent | September 2022 | Percent | Change |
---|---|---|---|---|---|
nginx | 328,204,211 | 28.91% | 319,472,149 | 28.29% | -0.62 |
Apache | 256,787,976 | 22.62% | 247,026,645 | 21.88% | -0.75 |
OpenResty | 92,609,414 | 8.16% | 92,645,981 | 8.20% | 0.05 |
Cloudflare | 77,538,226 | 6.83% | 83,638,115 | 7.41% | 0.58 |
Debian: DSA-5236-1: expat security update
Rhodri James discovered a heap use-after-free vulnerability in the doContent function in Expat, an XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code, if a malformed XML file is processed.
Python could be made to redirect web traffic if its http.server received a specially crafted request.
Ubuntu 5631-1: libjpeg-turbo vulnerabilities
Several security issues were fixed in libjpeg-turbo.
Ubuntu 5632-1: OAuthLib vulnerability
OAuthLib could be made to crash if it received specially crafted network traffic.
Ubuntu 5634-1: Linux kernel (OEM) vulnerability
The system could be made to crash if it received specially crafted network traffic.
Ubuntu 5633-1: Linux kernel vulnerabilities
Several security issues were fixed in the Linux kernel.
Ubuntu 5628-1: etcd vulnerabilities
Several security issues were fixed in etcd.
Ubuntu 5630-1: Linux kernel (Raspberry Pi) vulnerabilities
Several security issues were fixed in the Linux kernel.
Debian: DSA-5235-1: bind9 security update
Several vulnerabilities were discovered in BIND, a DNS server implementation. CVE-2022-2795
This month, Tokyo was the stage of our latest WebPros Partner Day, sponsored by Acronis and Virtuozzo. Smoothly organized in the Shinagawa venue close to Tokyo’s sparkling business district, WebPros was eager to return to form for yet another informative day of sharing and caring – a slice of the good life – with our dedicated partners from the east and beyond. As we still find ourselves amidst an ongoing Covid pandemic, we wish to sincerely thank the brave Godzillas who managed to come out to make it to this event. Bravo! For those who couldn’t, stay put: we have…
The post After Japan Partner Day 2022 appeared first on Plesk.
RedHat: RHSA-2022-6681:01 Important: OpenShift Virtualization 4.9.6 Images
Red Hat OpenShift Virtualization release 4.9.6 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,