People of WordPress features Monika Rao, a product and quality assurance manager in India.
Archive for April, 2023
Debian: DSA-5394-1: ffmpeg security update
Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.
Update to 102.10.0; https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/; https://www.thunderbird.net/en-US/thunderbird/102.10.0/releasenotes/
Fedora 36: python-setuptools 2023-9992b32c1f
Security fix for CVE-2022-40897
- Update comrak to version 0.18.0.
- Disable the unused markdown support in askama and askama_shared crates, which depends on an ancient version of comrak.
This update also includes fixes for two medium-severity security issues in comrak (CVE-2023-28631 and CVE-2023-28626).
Fedora 36: rust-askama_shared 2023-b37722768e
- Update comrak to version 0.18.0.
- Disable the unused markdown support in askama and askama_shared crates, which depends on an ancient version of comrak.
This update also includes fixes for two medium-severity security issues in comrak (CVE-2023-28631 and CVE-2023-28626).
Several security issues were fixed in Netty.
Ubuntu 6037-1: Apache Commons Net vulnerability
Apache Commons Net could be made to expose sensitive information over the network.
Update to 2.40.1 (CVE-2023-25652, CVE-2023-25815, CVE-2023-29007). Refer to the release notes for 2.30.9 for details of each CVE, as well as the following security advisories from the git project: https://github.com/git/git/security/advisories/GHSA-2hvf-7c8p-28fx (CVE-2023-25652)
x86 shadow paging arbitrary pointer dereference [XSA-430, CVE-2022-42335]
Ubuntu 6046-1: OpenSSL-ibmca vulnerabilities
OpenSSL-ibmca could be made to expose sensitive information.
Ubuntu 6047-1: Linux kernel vulnerability
The system could be made to run programs as an administrator.
In the April 2023 survey we received responses from 1,115,422,029 sites across 272,511,659 domains and 12,089,407 web-facing computers. This reflects a gain of 3.2 million domains but a loss of 596,923 sites and 16,775 web-facing computers.
nginx experienced large growth for both sites and domains this month. In our April survey, we saw 292.5 million sites running nginx, an increase of 3.0 million since March (+1.04%), and 74.2 million domains, an increase of 1.6 million (+2.23%). It now accounts for 26.23% of sites (+0.28pp) and 27.25% of domains (+0.27pp).
LiteSpeed had the largest loss by sites, dropping down to 56.2 million sites (-5.43%). This takes its share of sites to 5.04% from 5.33% (-0.29pp). Despite this, its number of domains increased, reaching 9.4 million (+1.43%).
OpenResty also saw significant losses this month, totalling a loss of 1.8 million sites (-2.07%) and 232,493 domains (-0.60%). OpenResty now accounts for 7.78% of sites and 14.1% of domains seen by Netcraft, down by 0.16pp and 0.26pp respectively.
In contrast to its performance in recent months, Apache gained both sites and domains this month: its usage increased by 1.1 million sites (+0.47%) and 1.8 million domains (+3.07%). Apache now accounts for 20.7% of sites (+0.11pp) and 21.8% of domains (+0.40pp). Apache continues to lead in our active sites metric – which only counts sites with distinct content – where it holds a 20.79% share, ahead of nginx’s 19.07%.
The market share within the top million sites was relatively stable this month. nginx had the biggest drop, losing 688 sites (-0.32%), and Cloudflare had the biggest increase, gaining 711 sites (+0.33%). Cloudflare continues to lead in the top million sites, holding a 21.69% market share, 0.32 percentage points ahead of nginx.
In terms of web-facing computers, nginx led this month with a 6,541 increase (+0.14%), whereas Microsoft saw the largest decrease with a 20,360 loss (-1.66%). The standings for market share by computer count are now: 38.88% nginx (+0.11pp), 27.02% Apache (+0.01pp) and 9.99% Microsoft (-0.15pp).
Vendor news
- nginx 1.23.4 was released on 28th March 2023. It enables TLSv1.3 by default.
- njs 0.7.2 was released on 10th April 2023. It includes a new compression module ‘zlib’, providing support for the DEFLATE compression algorithm.
- Apache 2.4.57 was released on 6th April 2023, containing minor bug fixes.
- LiteSpeed 6.1.1 was released on 12th April 2023.
| Developer | March 2023 | Percent | April 2023 | Percent | Change (pp) |
|---|---|---|---|---|---|
| nginx | 289,510,060 | 25.94% | 292,527,297 | 26.23% | 0.28 |
| Apache | 229,628,183 | 20.58% | 230,706,481 | 20.68% | 0.11 |
| Cloudflare | 113,533,078 | 10.17% | 113,441,471 | 10.17% | -0.00 |
| OpenResty | 88,587,110 | 7.94% | 86,755,371 | 7.78% | -0.16 |
RedHat: RHSA-2023-2041:01 Important: Migration Toolkit for Applications
Migration Toolkit for Applications 6.1.0 release Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
**Redis 6.2.12** Released Mon Apr 17 16:00:00 IST 2023. Upgrade urgency: SECURITY, contains fixes to security issues.
Security Fixes:
- (**CVE-2023-28856**) Authenticated users can use the HINCRBYFLOAT command to create an invalid hash field that will crash Redis on access
Bug Fixes:
- Fix CLIENT REPLY OFF|SKIP to not silence push notifications (#11875)
- Disconnect
Fedora 36: perl-Alien-ProtoBuf 2022-15729fa33d
Selected notes from packaging changes and improvements:
- 3.19.6 fixes CVE-2022-3171
- 3.19.5 fixes CVE-2022-1941
- License updated to SPDX
- Unnecessary dependency on python3-six removed
- Python extension is now the compiled C++ version, improving performance
- All subpackages now have the license file or depend on something that does
- The -vim subpackage now
Ubuntu 6017-2: Ghostscript vulnerability
Ghostscript could be made to crash or run programs as your login if it received a specially crafted input.
cloud-init could write sensitive information to logs.
RedHat: RHSA-2023-1948:01 Low: Red Hat OpenStack Platform 16.2
An update for openstack-nova is now available for Red Hat OpenStack Platform 16.2 (Train). Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which
Ubuntu 6045-1: Linux kernel vulnerabilities
Several security issues were fixed in the Linux kernel.
Ubuntu 6044-1: Linux kernel vulnerabilities
Several security issues were fixed in the Linux kernel.
RedHat: RHSA-2023-2023:01 Important: Red Hat OpenShift Data Foundation
Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.11.7 on Red Hat Enterprise Linux 8 from Red Hat Container Registry. Red Hat Product Security has rated this update as having a security impact
RedHat: RHSA-2023-1953:01 Moderate: Logging Subsystem 5.6.5 – Red Hat
Logging Subsystem 5.6.5 – Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
RedHat: RHSA-2023-1866:01 Moderate: OpenShift Container Platform 4.10.58
Red Hat OpenShift Container Platform release 4.10.58 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10.
USN-6010-2 caused some minor regressions in Firefox.
update to 112.0.5615.165. Fixes the following security issues: CVE-2023-2004 CVE-2023-2133 CVE-2023-2134 CVE-2023-2135 CVE-2023-2136 CVE-2023-2137 CVE-2023-2033 CVE-2023-2136
Fix for CVE-2020-17354
RedHat: RHSA-2023-1884:01 Important: OpenJDK 17.0.7 Security Update for
An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
RedHat: RHSA-2023-1887:01 Critical: Multicluster Engine for Kubernetes 2.2.3
Multicluster Engine for Kubernetes 2.2.3 General Availability release images, which fix bugs and security updates container images. Red Hat Product Security has rated this update as having a security impact