[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1238-1] awstats security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : awstats
Version        : 7.0~dfsg-7+deb7u1
CVE ID         : CVE-2017-1000501
Debian Bug     : 885835

Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the
handling of the "config" and "migrate" parameters resulting in unauthenticated
remote code execution.

For Debian 7 "Wheezy", these problems have been fixed in version
7.0~dfsg-7+deb7u1.

We recommend that you upgrade your awstats packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE1jZRJqkttWDGJ6ztF4RXf4EfbqwFAlpVq6kACgkQF4RXf4Ef
bqzOOQ/+I+6khyYgjYjpmWASMT0pZQDOf+t4o0gkLsebMXvqW9hKvLboyDqnTNfD
fGfQdNHJ6ANnABXP7xctOh7N6rQD9jHEzkw45tQET4ecb/YZbz4ArQdpq+9bSbPT
lF9ebn8gDqQuLTKX8D3qtqRhRQvb5fze+GFTv2VnPiK5NdHmHBMvERCaeCD9njMm
E/ZpMqkAtwR5Wwy+pCOvPoWs/EWDN15djU8Ew4dENPvSuoCCVACGJWt/6lyAFcTq
yf+C0WTIVSfx6J9venNgQGt7XFWDbDD7+5EaKnGrOOTx/Tp2sQLtDhr65RwHycqk
Db9K8tQ6KydssHsJMZx+5D21E/uv3QmLKYGb07Lad1sM9GIE9ueGSfQvDCbTgF8+
j1rWo4+EltUdIDkP1biH6ERpeDlK2iKNDYeboTFlYzB+MJM+KjAgi/ID9RHrcC6d
iY1gC9zaVbpd0nnKJD4W+WAblEb2TbEr8D5olC4Y92Bd2mGBAicQCNd7aT0gVf5o
KgYii/G/rs/Gwxnph4v3E4wzCpVGuLvmgKZydMA10S9s4a0lDlXRG+UM+THjDDCW
KiOmhlrJrWQ1KPSR5nve3+yhO/gdJhOJ6g2VH7hUgCo5BrbeYeUPIoHvxrHY6Ui/
hrjYVcoXO8oNKwkoVeyiyeK3O7g8lsmpNe64Fq5E1HpgqB6lvko=
=vl5i
-----END PGP SIGNATURE-----


Reply to: