Package name
awstats
Date
2009-10-09
Advisory ID
MDVSA-2009:266
Affected versions
CS4.0 x86_64, MES5 i586, CS4.0 i586, MES5 x86_64

Problem description

A vulnerability has been found and corrected in awstats:

awstats.pl in AWStats 6.8 and earlier does not properly remove quote
characters, which allows remote attackers to conduct cross-site
scripting (XSS) attacks via the query_string parameter. NOTE:
this issue exists because of an incomplete fix for CVE-2008-3714
(CVE-2008-5080).

This update fixes this vulnerability.
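
The class of bug described above, as an added illustration (not AWStats code and not part of the advisory): a filter that strips angle brackets but leaves quote characters lets a value escape a quoted HTML attribute, while encoding the value for that context keeps it inside. The template, function names and sample input are constructed for this example, and the attribute context is an assumption, since the advisory does not say where query_string is echoed.

```python
import html
from html.parser import HTMLParser

# Constructed template: the value is echoed inside a double-quoted attribute.
TEMPLATE = '<input type="hidden" name="q" value="%s">'
TEMPLATE_ATTRS = {"type", "name", "value"}

# Constructed input: carries only a harmless marker attribute.
SAMPLE = 'config=site" data-injected="1'


def strip_angle_brackets(value: str) -> str:
    """Blocklist filter in the style of an incomplete fix: quotes survive."""
    return value.replace("<", "").replace(">", "")


def render_incomplete(query_string: str) -> str:
    """Echo the value after the blocklist filter only."""
    return TEMPLATE % strip_angle_brackets(query_string)


def render_encoded(query_string: str) -> str:
    """Echo the value encoded for a quoted attribute (&, <, >, " and ')."""
    return TEMPLATE % html.escape(query_string, quote=True)


class _AttrCollector(HTMLParser):
    """Records the attributes of every start tag, as a browser would see them."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def parsed_attributes(markup: str):
    """Return [(tag, {attr: value})] for the rendered markup."""
    collector = _AttrCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags


def injects_attribute(markup: str) -> bool:
    """True when a parsed tag has an attribute the template never wrote."""
    return any(set(attrs) - TEMPLATE_ATTRS for _, attrs in parsed_attributes(markup))
```

`injects_attribute` works as a regression check for any output path that echoes a request parameter: render with a quote-bearing input and fail the build if the parsed tag gains an attribute.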

Updated packages

CS4.0 x86_64

 c96b5745505285c7ae80a798397d3efa  corporate/4.0/x86_64/awstats-6.4-4.2.20060mlcs4.noarch.rpm 
 aad43ac08b36f39640ba196b379a51b3  corporate/4.0/SRPMS/awstats-6.4-4.2.20060mlcs4.src.rpm

MES5 i586

 0c9d48d0a9654b3b70d0c744a3f7cb3b  mes5/i586/awstats-6.8-1.1mdvmes5.noarch.rpm 
 045a91a40fe4dcded24395be72aa802e  mes5/SRPMS/awstats-6.8-1.1mdvmes5.src.rpm

CS4.0 i586

 9e3e4e52928adf8f7dac28b092a2a256  corporate/4.0/i586/awstats-6.4-4.2.20060mlcs4.noarch.rpm 
 aad43ac08b36f39640ba196b379a51b3  corporate/4.0/SRPMS/awstats-6.4-4.2.20060mlcs4.src.rpm

MES5 x86_64

 135bbfe9935bf15700276fecc491764a  mes5/x86_64/awstats-6.8-1.1mdvmes5.noarch.rpm 
 045a91a40fe4dcded24395be72aa802e  mes5/SRPMS/awstats-6.8-1.1mdvmes5.src.rpm

References