Ubuntu 5831-1: Linux kernel (Azure CVM) vulnerabilities
Several security issues were fixed in the Linux kernel.
Several security issues were fixed in the Linux kernel.
Several security issues were fixed in the Linux kernel.
In the January 2023 survey we received responses from 1,132,268,801 sites across 270,967,923 unique domains, and 12,156,700 web-facing computers. This reflects a gain of 6,894,269 sites, but a loss of 270,799 domains and 77,725 computers.
Within the top million busiest sites, Cloudflare has jumped from 3rd to 1st place — overtaking both Apache and nginx in a single month — its market share increased by 0.56pp and now stands at 21.64%. Along with Apache (21.40%) and nginx (21.20%), the top three web servers power almost two-thirds of the top million busiest sites.
Cloudflare’s journey to the top of the million busiest sites metric began in the February 2021 Web Server Survey, when we started tracking it separately from nginx to reflect Cloudflare’s extensive use of in-house technologies. At the time of this split, Cloudflare was already the third most used within the top million busiest sites, having overtaken Microsoft in March 2019. In September 2022, Cloudflare announced its replacement of nginx with Pingora, a new in-house HTTP proxy.
Cloudflare was founded in 2009 and launched publicly in 2010. Its core service is a content delivery network which sits between end-users and websites, providing increased performance by caching content and using optimised routes across the Internet.
It grew quickly, with its core service available for free and with generous bandwidth limits. In 2014 it launched Universal SSL, providing free access to HTTPS for sites using Cloudflare. The company went public in 2019. It has mitigated some of the largest denial-of-service attacks ever observed on the Internet: most recently a 2.5 Tbps attack targeting a server for the video game Minecraft in 2022.
However, its growth has not been without controversies. Its content neutrality policy has been criticised, with it providing service to cybercriminals and sites containing hate speech and far-right content. In 2017 a buffer overflow in Cloudflare’s code caused private information from a small percentage of requests, such as authentication tokens, to be leaked.
In recent years, Cloudflare’s offering has expanded and it now competes with cloud computing giants Amazon Web Services, Google Cloud and Microsoft Azure in areas such as serverless computing, object storage and managed databases.
Cloudflare has also seen sustained growth in other metrics in January: across all sites, Cloudflare saw the largest growth, with an increase of 9.3 million sites (+9.07%) and 473,405 domains (+1.82%).
Google had the second largest growth amongst all sites, with a gain of 0.33 million sites (+0.63%), 37,483 domains (+1.46%). OpenResty saw a decrease of 419,469 sites (-0.45%) and 571,662 domains (-1.45%), but an increase of 8,608 computers (+4.83%).
nginx saw growth in sites and domains for the first time since August 2022, with an increase of 311,521 sites (+0.11%) and 527,542 domains (+0.79%), but still lost 23,344 computers (-0.49%). Apache saw a decrease across all metrics, losing 1.9 million sites (-0.81%), 900,956 domains (-1.52%) and 51,758 computers (-1.53%).
Developer | December 2022 | Percent | January 2023 | Percent | Change |
---|---|---|---|---|---|
nginx | 295,366,783 | 26.25% | 295,678,304 | 26.11% | -0.13 |
Apache | 235,541,408 | 20.93% | 233,636,177 | 20.63% | -0.30 |
Cloudflare | 102,829,746 | 9.14% | 112,159,331 | 9.91% | 0.77 |
OpenResty | 92,711,293 | 8.24% | 92,291,824 | 8.15% | -0.09 |
Two vulnerabilities were discovered in Curl, an easy-to-use client-side URL transfer library, which could result in denial of service or information disclosure.
Update to 1.3.2 (CVE-2022-29187, CVE-2022-24765)
https://www.mediawiki.org/wiki/Release_notes/1.38 https://lists.wikimedia.org/hyperkitty/list/mediawiki- [email protected]/message/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/
A security update for Fuse 7.11.1 is now available for Red Hat Fuse on Karaf and Red Hat Fuse on Spring Boot. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact
USN 5822-1 introduced regressions on Ubuntu 20.04 LTS.
An update for thunderbird is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
Submariner 0.12.3 packages that fix various bugs and add various enhancements that are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.5. Red Hat Product Security has rated this update as having a security impact
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
An update for the redhat-ds:12 module is now available for Red Hat Directory Server 12.0 for RHEL 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
Several vulnerabilities were discovered in BIND, a DNS server implementation, which may result in denial of service against named. For the stable distribution (bullseye), these problems have been fixed in
An update is now available for Migration Toolkit for Runtimes (v1.0.1). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which
Red Hat Integration Camel Extensions for Quarkus 2.13.2 is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Red Hat Product Security has rated this update as having an impact of
**Redis 7.0.8** Released Mon Jan 16 12:00:00 IDT 2023 Security Fixes: * (**CVE-2022-35977**) Integer overflow in the Redis SETRANGE and SORT/SORT_RO commands can drive Redis to OOM panic * (**CVE-2023-22458**) Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER commands can lead to denial-of- service Bug Fixes * Avoid possible hang when client issues long KEYS,
libXpm 3.5.15, fixes CVE-2022-46285, CVE-2022-44617, CVE-2022-4883
Several security issues were fixed in the Linux kernel.
Several security issues were fixed in Kerberos.
Several security issues were fixed in Bind.
Several security issues were fixed in Privoxy.
An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
An update for thunderbird is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
PAM would allow unintended access to the machine over network.
Update to 42.6
Several security issues were fixed in MySQL.
Multiple vulnerabilities were discovered in Node.js, which could result in HTTP request smuggling, bypass of host IP address validation and weak randomness setup.
Sebastien Meriot discovered that the S3 API of Swift, a distributed virtual object store, was susceptible to information disclosure. For the stable distribution (bullseye), this problem has been fixed in
58 queries. 9 mb Memory usage. 0.610 seconds.