[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2506-1] awstats security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2506-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                                     
December 23, 2020                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : awstats
Version        : 7.6+dfsg-1+deb9u2
CVE ID         : CVE-2020-29600 CVE-2020-35176
Debian Bug     : 891469 977190

It was discovered that Awstats, a web server log analyzer, was
vulnerable to path traversal attacks. A remote unauthenticated
attacker could leverage that to perform arbitrary code execution. The
previous fix did not fully address the issue when the default
/etc/awstats/awstats.conf is not present.

For Debian 9 stretch, this problem has been fixed in version
7.6+dfsg-1+deb9u2.

We recommend that you upgrade your awstats packages.

For the detailed security status of awstats please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/awstats

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEQic8GuN/xDR88HkSj/HLbo2JBZ8FAl/jXPMACgkQj/HLbo2J
BZ8ffQf/S9j+l7tp4Fr1YLM5ay6+KnE4R990cqE4SeoWdlPFRE+LWsvEB99wjCcq
Vu96Iirug69cgguN/nIxl+TiD4mp3Udv7uqFshyGl1N2vDV1c4/0U3B7rvYseboe
TefuqBTNtzQGDZWDnddZx/1mM1INifNw06ZFjx2SNolgXvtsbt1vBaj/9lFVfYor
DX3BatpUVe/+V9Idm4bOsObvyWFJzars2UeGaTrzVAI7JGP8RlrETGBh99CnPfmX
zot9Tm45o+wuQUHIJ/uETVxoggjJ6pu1pmvYNQTVyLY/gYL2s0qZ0Xc8yFZ5t+nb
fYf/Qdgv0MRnnS09PcUf9t9AXU7hUw==
=lkgC
-----END PGP SIGNATURE-----
Reply to: