People of WordPress features Monika Rao, a product and quality assurance manager in India.
Archive for April, 2023
Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.
Update to 102.10.0 ; https://www.mozilla.org/en- US/security/advisories/mfsa2023-15/ ; https://www.thunderbird.net/en- US/thunderbird/102.10.0/releasenotes/
Security fix for CVE-2022-40897
– Update comrak to version 0.18.0. – Disable the unused markdown support in askama and askama_shared crates, which depends on an ancient version of comrak. This update also includes fixes for two medium-severity security issues in comrak (CVE-2023-28631 and CVE-2023-28626).
– Update comrak to version 0.18.0. – Disable the unused markdown support in askama and askama_shared crates, which depends on an ancient version of comrak. This update also includes fixes for two medium-severity security issues in comrak (CVE-2023-28631 and CVE-2023-28626).
– Update comrak to version 0.18.0. – Disable the unused markdown support in askama and askama_shared crates, which depends on an ancient version of comrak. This update also includes fixes for two medium-severity security issues in comrak (CVE-2023-28631 and CVE-2023-28626).
Several security issues were fixed in Netty.
Apache Commons Net could be made to expose sensitive information over the network.
update to 2.40.1 (CVE-2023-25652, CVE-2023-25815, CVE-2023-29007) Refer to the release notes for 2.30.9 for details of each CVE as well as the following security advisories from the git project: https://github.com/git/git/security/advisories/GHSA-2hvf-7c8p-28fx (CVE-2023-25652)
x86 shadow paging arbitrary pointer dereference [XSA-430, CVE-2022-42335]
OpenSSL-ibmca could be made to expose sensitive information.
The system could be made to run programs as an administrator.
In the April 2023 survey we received responses from 1,115,422,029 sites across 272,511,659 domains and 12,089,407 web-facing computers. This reflects a gain of 3.2 million domains but a loss of 596,923 sites and 16,775 web-facing computers.
nginx experienced large growth for both sites and domains this month. In our April survey, we saw 292.5 million sites running nginx, an increase of 3.0 million since March (+1.04%), and 74.2 million domains, an increase of 1.6 million (+2.23%). It now accounts for 26.23% of sites (+0.28pp) and 27.25% of domains (+0.27pp).
LiteSpeed had the largest loss by sites, dropping down to 56.2 million sites (-5.43%). This takes its share of sites to 5.04% from 5.33% (-0.29pp). Despite this, its number of domains increased, reaching 9.4 million (+1.43%).
OpenResty also saw significant losses this month, totalling a loss of 1.8 million sites (-2.07%) and 232,493 domains (-0.60%). OpenResty now accounts for 7.78% of sites and 14.1% of domains seen by Netcraft, down by 0.16pp and 0.26pp respectively.
In contrast to its performance in recent months, Apache gained both sites and domains this month: its usage increased by 1.1 million sites (+0.47%) and 1.8 million domains (+3.07%). Apache now accounts for 20.7% of sites (+0.11p) and 21.8% of domains (+0.40pp). Apache continues to lead in our active sites metric – which only counts sites with distinct content – where it holds a 20.79% share, ahead of nginx’s 19.07%.
The market share within the top million sites was relatively stable this month. nginx had the biggest drop, losing 688 sites (-0.32%), and Cloudflare had the biggest increase, gaining 711 sites (+0.33%). Cloudflare continues to lead in the top million sites, holding a 21.69% market share, 0.32 percentage points ahead of nginx.
In terms of web-facing computers, nginx led this month with a 6,541 increase (+0.14%), whereas Microsoft saw the largest decrease with a 20,360 loss (-1.66%). The standings for market share by computer count are now: 38.88% nginx (+0.11pp), 27.02% Apache (+0.01pp) and 9.99% Microsoft (-0.15pp).
Vendor news
- nginx 1.23.4 was released on 28th March 2023. It enables TLSv1.3 by default.
- njs 0.7.2 was released on 10th April 2023. It includes a new compression module ‘zlib’, providing support for the DEFLATE compression algorithm.
- Apache 2.4.57 was released on 6th April 2023, containing minor bug fixes.
- LiteSpeed 6.1.1 was released on 12th April 2023.
Developer | March 2023 | Percent | April 2023 | Percent | Change |
---|---|---|---|---|---|
nginx | 289,510,060 | 25.94% | 292,527,297 | 26.23% | 0.28 |
Apache | 229,628,183 | 20.58% | 230,706,481 | 20.68% | 0.11 |
Cloudflare | 113,533,078 | 10.17% | 113,441,471 | 10.17% | -0.00 |
OpenResty | 88,587,110 | 7.94% | 86,755,371 | 7.78% | -0.16 |
Migration Toolkit for Applications 6.1.0 release Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
**Redis 6.2.12** Released Mon Apr 17 16:00:00 IST 2023 Upgrade urgency: SECURITY, contains fixes to security issues. Security Fixes: * (**CVE-2023-28856**) Authenticated users can use the HINCRBYFLOAT command to create an invalid hash field that will crash Redis on access Bug Fixes * Fix CLIENT REPLY OFF|SKIP to not silence push notifications (#11875) * Disconnect
Selected notes from packaging changes and improvements: * 3.19.6 fixes CVE-2022-3171 * 3.19.5 fixes CVE-2022-1941 * License updated to SPDX * Unnecessary dependency on python3-six removed * Python extension is now the compiled C++ version, improving performance * All subpackages now have the license file or depend on something that does * The -vim subpackage now
Ghostscript could be made to crash or run programs as your login if it received a specially crafted input.
cloud-init could write sensitive information to logs.
An update for openstack-nova is now available for Red Hat OpenStack Platform 16.2 (Train). Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which
Several security issues were fixed in the Linux kernel.
Several security issues were fixed in the Linux kernel.
Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.11.7 on Red Hat Enterprise Linux 8 from Red Hat Container Registry. Red Hat Product Security has rated this update as having a security impact
Logging Subsystem 5.6.5 – Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
Red Hat OpenShift Container Platform release 4.10.58 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10.
USN-6010-2 caused some minor regressions in Firefox.
update to 112.0.5615.165. Fixes the following security issues: CVE-2023-2004 CVE-2023-2133 CVE-2023-2134 CVE-2023-2135 CVE-2023-2136 CVE-2023-2137 CVE-2023-2033 CVE-2023-2136
Fix for CVE-2020-17354
An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
Multicluster Engine for Kubernetes 2.2.3 General Availability release images, which fix bugs and security updates container images. Red Hat Product Security has rated this update as having a security impact