[plug] NOTE: serious security flaw in AwStats
William Kenworthy
billk at iinet.net.au
Wed Feb 16 21:08:21 WST 2005
This is an old bug as things go: was announced back on the 17th Jan,
gentoo had a fix through the GLSA mechanism a few days later. Cant crow
too much tho as it appears they partially stuffed the fix and had to
reissue it a couple of days ago!
BillK
On Wed, 2005-02-16 at 20:48 +0800, Sol Hanna wrote:
> I just got cracked. :'( Not too badly, but it could have been worse.
>
> I just went to do an upgrade on my Debian server (which does have the a
> security mirror in sources.list) and noted that even Debian doesn't have
> the most recent security upgrade for AwStats. It's a fairly new problem
> so I thought I had better warn any users of AwStats that there is a
> major vulnerability which allows code to be sent to be executed through
> the webserver. Slashdot has some info and links here:
> http://it.slashdot.org/article.pl?sid=05/02/08/1834203&tid=172&tid=156
>
> Hope this helps somebody.....
>
> /sol
>
>
> _______________________________________________
> PLUG discussion list: plug at plug.org.au
> http://www.plug.org.au/mailman/listinfo/plug
> Committee e-mail: committee at plug.linux.org.au
>
--
William Kenworthy <billk at iinet.net.au>
Home!
More information about the plug
mailing list