UbuntuUpdates.org

Package "awstats"

Name: awstats

Description:

powerful and featureful web server log analyzer

Latest version: 7.6+dfsg-2ubuntu0.20.10.1
Release: groovy (20.10)
Level: updates
Repository: main
Homepage: http://awstats.sourceforge.net/

Other versions of "awstats" in Groovy

Repository  Area  Version
base        main  7.6+dfsg-2
security    main  7.6+dfsg-2ubuntu0.20.10.1

Changelog

Version: 7.6+dfsg-2ubuntu0.20.10.1 2021-05-13 19:06:26 UTC

  awstats (7.6+dfsg-2ubuntu0.20.10.1) groovy-security; urgency=medium

  * SECURITY UPDATE: Path traversal
    - debian/patches/CVE-2020-29600.patch: Disable parsing arbitrary files in
      wwwroot/cgi-bin/awstats.pl, introduced by an incomplete fix for
      CVE-2017-1000501.
    - CVE-2020-29600
  * SECURITY UPDATE: Path traversal
    - debian/patches/CVE-2020-35176.patch: Disable parsing /etc/ dir in
      wwwroot/cgi-bin/awstats.pl, introduced by an incomplete fix for
      CVE-2017-1000501.
    - CVE-2020-35176

 -- Avital Ostromich <email address hidden> Mon, 19 Apr 2021 18:00:48 -0400

CVE-2020-29600 In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/
CVE-2017-1000501 Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthen
CVE-2020-35176 In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to on


