WP Briefing: Episode 46: The WP Bloopers Podcast
Dec31
on December 31, 2022
at 12:00 pm
Posted In: Uncategorized
This episode of the WP Briefing features all the Josepha bloopers our little elves have stored away over the year.
Archive for December, 2022
142 results.
Debian: DSA-5310-1: ruby-image-processing security update
Dec31
on December 31, 2022
at 9:44 am
Posted In: Uncategorized
It was discovered that ruby-image-processing, a ruby package that provides higher-level image processing helpers, is prone to a remote shell execution vulnerability when using the #apply method to apply a series of operations coming from unsanitized user input.
Comment
Fedora 36: OpenImageIO 2022-e63bc3eca2
Dec31
on December 31, 2022
at 2:07 am
Posted In: Uncategorized
OpenImageIO is a library for reading and writing images, and a bunch of related classes, utilities, and applications. Main features include: – Extremely simple but powerful ImageInput and ImageOutput APIs for reading and writing 2D images that is format agnostic. – Format plugins for TIFF, JPEG/JFIF, OpenEXR, PNG, HDR/RGBE, Targa, JPEG-2000,
Fedora 36: webkit2gtk3 2022-71121c44a4
Dec31
on December 31, 2022
at 1:23 am
Posted In: Uncategorized
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. This package contains WebKit2 based WebKitGTK for GTK 3.
Debian: DSA-5308-1: webkit2gtk security update
Dec31
on December 31, 2022
at 1:17 am
Posted In: Uncategorized
The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2022-42852
Debian: DSA-5309-1: wpewebkit security update
Dec31
on December 31, 2022
at 1:14 am
Posted In: Uncategorized
The following vulnerabilities have been discovered in the WPE WebKit web engine: CVE-2022-42852
Debian: DSA-5307-1: libcommons-net-java security update
Dec29
on December 29, 2022
at 10:01 pm
Posted In: Uncategorized
ZeddYu Lu discovered that the FTP client of Apache Commons Net, a Java client API for basic Internet protocols, trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the
Debian: DSA-5306-1: gerbv security update
Dec27
on December 27, 2022
at 2:23 pm
Posted In: Uncategorized
Several vulnerabilities were discovered in gerbv, a Gerber file viewer, which could result in the execution of arbitrary code, denial of service or information disclosure if a specially crafted file is processed.
What Are WordPress Salts and How Do They Protect Your Site?
Dec23
on December 23, 2022
at 2:42 pm
Posted In: Uncategorized
What are WordPress salts? Here’s the short answer: they can help protect your WordPress website by storing user passwords and authenticating them safely. But what about the long answer? In this guide to WordPress Salts, you will find: A detailed look at WordPress salts Where WordPress salts can be found Information on how often you need to update WordPress salts and security keys Two techniques for changing WordPress salts By the time you reach the end of this guide, you will have the details you need to start using WordPress salts and get the most out of them. A…
The post What Are WordPress Salts and How Do They Protect Your Site? appeared first on Plesk.
Fix CVE-2022-4285. Fix a segfault when printing ghost variable.
LibHTP has been updated to 0.5.42 and is bundled with the release. Various security, performance, accuracy and stability issues have been fixed.
Update to 2022.10.3. Fixes CVE-2022-40284
Fix CVE-2022-4285. Fix a segfault when printing ghost variable.
LibHTP has been updated to 0.5.42 and is bundled with the release. Various security, performance, accuracy and stability issues have been fixed.
WP Briefing: Episode 45: State of the Word Reflections
Dec22
on December 22, 2022
at 12:00 pm
Posted In: Uncategorized
Josepha reflects on this year’s State of the Word address here on the WP Briefing podcast.
Debian: DSA-5305-1: libksba security update
Dec21
on December 21, 2022
at 10:18 pm
Posted In: Uncategorized
An integer overflow flaw was discovered in the CRL signature parser in libksba, an X.509 and CMS support library, which could result in denial of service or the execution of arbitrary code.
Security fix for CVE-2022-41854
Fedora 37: xorg-x11-server 2022-3d88188071
Dec21
on December 21, 2022
at 2:27 am
Posted In: Uncategorized
Fix buggy patch to CVE-2022-46340
Release notes for xrdp v0.9.21 (2022/12/10) General announcements – Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future v1.0 release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible. Security fixes This update is
Security fixes for CVE-2022-37966, CVE-2022-37967 and CVE-2022-38023
Debian: DSA-5304-1: xorg-server security update
Dec20
on December 20, 2022
at 8:16 pm
Posted In: Uncategorized
Jan-Niklas Sohn discovered several vulnerabilities in X server extensions in the X.Org X server, which may result in privilege escalation if the X server is running privileged.
In the December 2022 survey we received responses from 1,125,374,532 sites across 271,238,722 domains and 12,234,425 web-facing computers. This reflects a loss of 9.7 million sites, 450,421 domains, and 72,200 web-facing computers.
Cloudflare continues its growth, gaining 1.5 million sites (+1.44%) and 309,670 domains (+1.21%). Cloudflare now accounts for 9.14% of sites and 9.57% of domains seen by Netcraft, up by 0.21pp and 0.13pp respectively.
Apache lost 7.4 million sites (-3.03%) and 15,439 web-facing computers (-0.46%). However, it saw a modest gain of 52,986 domains (+0.09%). nginx also saw significant loss of 5.5 million sites (-1.84%), 1.3 million domains (-1.77%), and 82,128 web-facing computers (-1.71%).
The largest percentage growth this month comes from LiteSpeed, with it gaining 1.1 million sites (+2.01%) and 170,873 domains (+2.03%). OpenResty also saw a significant growth of 1.1 million sites (+1.20%) but lost 135,748 domains (-0.34%).
In the top million busiest sites, Cloudflare continues its upward trend – gaining 809 of the top million sites, which increases its market share by 0.08pp to 21.08%. The gap between Cloudflare and the leader Apache, which lost 784 sites and 0.08pp market share, is down to just 0.51pp. In second place, nginx gained a modest 428 sites and 0.04pp market share.
Vendor news
- njs 0.7.9, the scripting language used to extend nginx, was released on 17th November 2022 with various bugfixes.
- Apache Tomcat versions 9.0.69 and 10.1.2 were released on 14th November 2022. Version 8.5.84 was released on 21st November 2022. All of these releases mostly contain bugfixes.
- AWS announced the new Europe (Zurich), Europe (Spain), and Asia Pacific (Hyderabad) Regions, bringing the total number of AWS Regions to 30. It also announced new Local Zones and various new features at AWS re:Invent 2022.
| Developer | November 2022 | Percent | December 2022 | Percent | Change |
|---|---|---|---|---|---|
| nginx | 300,890,891 | 26.51% | 295,366,783 | 26.25% | -0.26 |
| Apache | 242,899,324 | 21.40% | 235,541,408 | 20.93% | -0.47 |
| Cloudflare | 101,367,889 | 8.93% | 102,829,746 | 9.14% | 0.21 |
| OpenResty | 91,612,799 | 8.07% | 92,711,293 | 8.24% | 0.17 |
NGINX is an open-source, free web server used for a wide range of topics including mail proxy, reverse proxy, load balancer and HTTP caching. Solution provides a high standard of performance with low weight, and while it is still fairly new compared to some of the alternative web servers on the market, NGINX is incredibly popular nonetheless. Its default setup offers high-speed performance, so it’s sure to impress you from the start — but there are ways to boost its performance even further. All you have to do is adjust some of its configurations. In our quick guide to improving…
The post NGINX Performance Tuning Tips appeared first on Plesk.
Any WordPress user knows that website problems are, sadly, unavoidable from time to time. Even the best coding is never perfect, after all. So, eventually, you may need to face the complexities of debugging in WordPress. But don’t worry: it’s actually a fairly simple, fast process. You can use various methods for debugging WordPress, with one for every experience level. This post will explore the debugging in WordPress process, covering how it works, how it can make coding more streamlined, and numerous tools and features for effective debugging. WordPress Debugging – The Purpose If you have no experience of debugging,…
The post Debugging in WordPress Explained appeared first on Plesk.
The Month in WordPress – November 2022
Dec20
on December 20, 2022
at 12:05 pm
Posted In: Uncategorized
WordPress enthusiasts tuned in last week for the State of the Word address to celebrate the project’s yearly accomplishments and explore what 2023 holds. But that’s not the only exciting update from the past month. New proposals and ideas are already emerging with an eye on the year ahead—let’s dive into them! Highlights from State […]
– Fix CVE-2022-44789 (rhbz#2148261) – Fix CVE-2022-30975 (rhbz#2088596) – Fix CVE-2022-30974 (rhbz#2088591)
Fedora 37: xorg-x11-server-Xwayland 2022-721a78b7e5
Dec19
on December 19, 2022
at 2:15 am
Posted In: Uncategorized
xwayland 22.1.6 Fixes CVE-2022-46340, CVE-2022-46341, CVE-2022-46342, CVE-2022-46343, CVE-2022-46344, CVE-2022-4283
Security fix for CVE-2022-3500 Proper exception handling in tornado_requests
Update to version 4.17.4
Fedora 37: thunderbird 2022-d9231be2fd
Dec18
on December 18, 2022
at 2:12 am
Posted In: Uncategorized
Update to 102.6.0 ; https://www.mozilla.org/en- US/security/advisories/mfsa2022-53/ ; https://www.thunderbird.net/en- US/thunderbird/102.6.0/releasenotes/