Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 36 FEDORA-2023-fda5480804 Severe: Awstats XSS Issue Fix

fedora
Calendar Grey January 18, 2023
Dist Fedora Esm H88
A security advisory for Fedora 36 addresses CVE-2022-46391, impacting awstats. Users must update their awstats packages to prevent potential XSS attacks and improve security
Security fix for CVE-2022-46391

Summary

Advanced Web Statistics is a powerful and full-featured tool that generates

advanced web server graphical statistics. This server log analyzer works

from the command line or as a CGI and shows all information your log contains,

in graphical web pages. It can analyze a lot of web/wap/proxy servers such as

Apache, IIS, Weblogic, Webstar, Squid, ... but also mail or FTP servers.

This program can measure visits, unique visitors, authenticated users, pages,

domains/countries, OS busiest times, robot visits, type of files, search

engines/keywords used, visit duration, HTTP errors and more...

Statistics can be updated from a browser or your scheduler.

The program also supports virtual servers, plugins and a lot of features.

With the default configuration, the statistics are available at:

Security fix for CVE-2022-46391

* Mon Jan 9 2023 Tim Jackson - 7.8-9

- Fix CVE-2022-46391 (rhbz #2150632)

- Clean up spec file, removing conditionals for now-obsolete releases

* Wed Jul 20 2022 Fedora Release Engineering - 7.8-8

- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild

* Mon May 30 2022 Jitka Plesnikova - 7.8-7

- Perl 5.36 rebuild

[ 1 ] Bug #2150632 - CVE-2022-46391 awstats: XSS due to improper input checks

https://bugzilla.redhat.com/show_bug.cgi?id=2150632

su -c 'dnf upgrade --advisory FEDORA-2023-fda5480804' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam, report it:

Topics%20covered

Topics Covered

security advisory fedora severe issue awstats xss threat

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 36
Version: 7.8
Release: 9.fc36
URL:
Summary: Advanced Web Statistics

Topics%20covered

Topics Covered

security advisory fedora severe issue awstats xss threat

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here