Advisories » MGASA-2018-0045

Updated awstats packages fix security vulnerability

Publication date: 03 Jan 2018
Modification date: 03 Jan 2018
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-1000501

Description

The cPanel Security Team discovered two path traversal flaws in awstats
in the "config" and "migrate" parameters that could be leveraged for
unauthenticated remote code execution (CVE-2017-1000501).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=22275
• http://openwall.com/lists/oss-security/2017/12/29/1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000501

SRPMS

5/core

• awstats-7.3-3.1.mga5

6/core

• awstats-7.5-1.1.mga6