Updated awstats package fixes a security vulnerability
Publication date: 14 Jan 2021Type: security
Affected Mageia releases : 7
CVE: CVE-2020-29600
Description
It was discovered that Awstats was vulnerable to path traversal attacks. A remote unauthenticated attacker could leverage that to perform arbitrary code execution. The previous fix did not fully address the issue when the default /etc/awstats/awstats.conf is not present (CVE-2020-29600).
References
SRPMS
7/core
- awstats-7.7-1.1.mga7