Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 507
Alerts This Week
Warning Icon 1 507

Debian DLA-3225-1 Moderate: AWStats XSS Issue and Mitigation

debian lts
Calendar Grey December 5, 2022
Scroller Debian Lts
Debian LTS Notice DLA-3226-2 addresses CSRF vulnerabilities in the Joomla plugin; users are advised to update for improved safety.
AWStats, a powerful and featureful web server log analyzer, allowed XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks

Summary

For Debian 10 buster, this problem has been fixed in version
7.6+dfsg-2+deb10u2.

We recommend that you upgrade your awstats packages.

For the detailed security status of awstats please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/awstats

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Severity
important
Lowest
Low
Medium
High
Critical

Package: awstats
Version: 7.6+dfsg-2+deb10u2
CVE ID: CVE-2022-46391
Debian Bug: 1025410

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.