Linux Compatible
  • News
    • Channels
    • Archive
    • Search
    • Submit
  • Articles
    • Categories
  • Knowledgebase
  • Compatibility
    • Search
  • Links
  • Forums
  • Twitter
Advertisement

Latest News
[ Windows | Linux | Apple ]

· AMD 2nd Gen Ryzen Reviews and more
· Windows 10 Insider Preview Build 17650 released
· MySQL and Libreoffice Updates for Debian 7 LTS
· Apache and OpenSSL Security Update for Ubuntu Linux
· MySQL 8.0.11 released
· Popular YouTuber Says Apple Won't Fix His iMac Pro Damaged While Disassembled and more
· GD Update (SSA:2018-108-01) for Slackware
· Wieshark and Opencv Updates for Debian 7 LTS
· 16 Oracle Linux Updates
· WebKitGTK+ 2.21.1 released

Upcoming News
· Samsung 860 Pro SSD Review @ Vortez
· Raijintek Orcus 240 @ TechPowerUp
· Team Group Cardea Zero 240 GB @ TechPowerUp
· Guru3D Rig of the Month - January 2018
· Cooler Master MK750 Review @ Vortez
· Seagate Skyhawk 10TB SATA III HDD Review
· Vulkan Continues To Show Its Gaming Strength On Low-End Hardware
· Seagate IronWolf ST12000VN0007 12TB Hard Drive Review @ APH Networks
· Sennheiser Game One @ TechPowerUp
· be quiet! Straight Power 11 1000W Power Supply Review

Linux Compatibility
· Brother DCP-L2540DN
· Sound Blaster E5
· WD Elements 500GB external hard drive
· Canon D660U Flatbad scanner
· Umax Astra 4500 USB Scanner
· Logitech QuickCam Pro 4000
· Dell Latitude E6420
· Creative Sound Blaster Z
· Photosmart 5520
· TB-5300 Slimline Design Tablet

New Forum Topics
· Dale
by: Dale Blinco
on: 2018-02-05 00:26
1 replies, 1193 views

· modem driver needed
by: jongiffen777
on: 2017-12-13 11:11
1 replies, 2366 views

· Need a decent browser for XP Pro!
by: percy
on: 2017-12-05 11:02
2 replies, 4249 views

· Comodo Time Machine + Faronics Deep Freeze
by: Jabberwocky
on: 2017-11-15 23:17
1 replies, 2855 views

· Linux compatablity
by: ibme
on: 2017-10-04 18:05
1 replies, 4770 views

News Channels
· Drivers
· Guides
· Reviews
· Security
· Software
· Press Release
· Updates
· Interviews
· Linux
· General
· Debian
· Red Hat
· Slackware
· Gentoo
· Mandriva
· White Box
· SUSE
· GNOME
· KDE
· CentOS
· Ubuntu
· MEPIS
· Android
· Oracle Linux
· Arch Linux

What's New
Login to see an overview of all news stories since your last visit.

Welcome to our website

To take full advantage of all features you need to login or register. Registration is completely free and takes only a few seconds.

Linux Compatible » News » June 2006 » USN-290-1: awstats vulnerability

USN-290-1: awstats vulnerability

Posted by Bob on: 06/08/2006 03:52 PM [ Print | 0 comment(s) ]

A new awstats vulnerability update is available for Ubuntu Linux. Here the announcement:




Ubuntu Security Notice USN-290-1 June 08, 2006
awstats vulnerability
CVE-2006-2644
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
awstats 6.3-1ubuntu0.3

Ubuntu 5.10:
awstats 6.4-1ubuntu1.2

Ubuntu 6.06 LTS:
awstats 6.5-1ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Hendrik Weimer discovered a privilege escalation vulnerability in
awstats. By supplying the 'configdir' CGI parameter and setting it to
an attacker-controlled directory (such as an FTP account, /tmp, or
similar), an attacker could execute arbitrary shell commands with the
privileges of the web server (user 'www-data').

This update disables the 'configdir' parameter by default. If all
local user accounts can be trusted, it can be reenabled by running
awstats with the AWSTATS_ENABLE_CONFIG_DIR environment variable set to
a nonempty value.


Updated packages for Ubuntu 5.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/a/awstats/awstats_6.3-1ubun=
tu0.3.diff.gz
Size/MD5: 25786 f0aff903ca34176072985eb0cc291093
http://security.ubuntu.com/ubuntu/pool/main/a/awstats/awstats_6.3-1ubun=
tu0.3.dsc
Size/MD5: 595 52ec6fc22747b67732f48d60adc0c187
http://security.ubuntu.com/ubuntu/pool/main/a/awstats/awstats_6.3.orig.=
tar.gz
Size/MD5: 938794 edb73007530a5800d53b9f1f90c88053

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/a/awstats/awstats_6.3-1ubun=
tu0.3_all.deb
Size/MD5: 726624 c774701a596cf7b61d06861dd8c8471e

Updated packages for Ubuntu 5.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/a/awstats/awstats_6.4-1ubun=
tu1.2.diff.gz
Size/MD5: 18999 1523e09757b7de3c075bb86067f33445
http://security.ubuntu.com/ubuntu/pool/main/a/awstats/awstats_6.4-1ubun=
tu1.2.dsc
Size/MD5: 595 1433006e2e47ad101e2344967ab8c491
http://security.ubuntu.com/ubuntu/pool/main/a/awstats/awstats_6.4.orig.=
tar.gz
Size/MD5: 918435 056e6fb0c7351b17fe5bbbe0aa1297b1

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/a/awstats/awstats_6.4-1ubun=
tu1.2_all.deb
Size/MD5: 728650 694410e8ed001ad701a91594685f8b8b

Updated packages for Ubuntu 6.06 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/a/awstats/awstats_6.5-1ubun=
tu1.1.diff.gz
Size/MD5: 18857 7ff1194a74691e801a3b7fee24776e19
http://security.ubuntu.com/ubuntu/pool/main/a/awstats/awstats_6.5-1ubun=
tu1.1.dsc
Size/MD5: 779 af43c7c831376f72803478265e3044fc
http://security.ubuntu.com/ubuntu/pool/main/a/awstats/awstats_6.5.orig.=
tar.gz
Size/MD5: 1051780 aef00b2ff5c5413bd2a868299cabd69a

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/a/awstats/awstats_6.5-1ubun=
tu1.1_all.deb
Size/MD5: 853150 42f6fa26513e4ef65c9c30e01ad4e9c9


--pE2VAHO2njSJCslu
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEiDUIDecnbV4Fd/IRAkZfAJ93sGRhaV32pH75v3NQ8vGageixXgCgseKH
rAaT2CUyNsvxlWKObnRQH14=
=Y2IW
-----END PGP SIGNATURE-----


Bookmark and Share

« Half-Life 2: Episode One Review · Zalman CNPS8000 Cooler Review »

Linux Compatible » News » June 2006 » USN-290-1: awstats vulnerability
All products mentioned are registered trademarks or trademarks of their respective owners.
© 2002-2018 Esselbach Internet Solutions - All Rights Reserved. Terms and privacy policy
Powered by Contentteller® Business Edition