News

=========================================================== Ubuntu Security Notice USN-285-1 May 23, 2006 awstats vulnerability CVE-2006-2237 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger) The following packages are affected: awstats The problem can be corrected by upgrading the affected package to version 6.3-1ubuntu0.2 (for Ubuntu 5.04), or 6.4-1ubuntu1.1 (for Ubuntu 5.10). In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: AWStats did not properly sanitize the 'migrate' CGI parameter. If the update of the stats via web front-end is allowed, a remote attacker could execute arbitrary commands on the server with the privileges of the AWStats server. This does not affect AWStats installations which only build static pages.