|
|
| Problem Description |
A cross-site scripting (XSS) vulnerability was found in AWStats that
allowed remote attackers to inject arbitrary web script or HTML via
the query_string (CVE-2008-3714).
The updated packages have been patched to prevent this issue.
| Updated Packages |
Corporate Server 4.0
c71882fb1113bea7adf3f31a2947bb78 corporate/4.0/i586/awstats-6.4-4.1.20060mlcs4.noarch.rpm cbeea61a4e0c77736931bfdb947a73e7 corporate/4.0/SRPMS/awstats-6.4-4.1.20060mlcs4.src.rpm
Corporate Server 4.0/X86_64
7d93335f21a8825e72bf88211ae50695 corporate/4.0/x86_64/awstats-6.4-4.1.20060mlcs4.noarch.rpm cbeea61a4e0c77736931bfdb947a73e7 corporate/4.0/SRPMS/awstats-6.4-4.1.20060mlcs4.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3714
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.