lp:ubuntu/warty-security/awstats
Created by
James Westby
and last modified
- Get this branch:
- bzr branch lp:ubuntu/warty-security/awstats
Branch merges
No branches
dependent on this one.
Branch information
Recent revisions
- 3. By Martin Pitt
-
* SECURITY UPDATE: fix more arbitrary command execution vulnerabilities
* wwwroot/cgi-bin/awstats.pl: remove all non-path characters from the
"config", "logfile", "pluginmode", "loadplugin", and "noloadplugin"
parameters (which are defined by the remote user) to prevent execution of
arbitrary shell commands through shell metacharacters.
* References:
similar to CAN-2005-0116
http://packetstormsecurity.nl/0501-exploits/AWStatsVulnAnalysis.pdf
- 2. By Jonas Smedegaard <email address hidden>
-
Really fix bug#247265. Really closes: Bug#247265 (thanks to Edward
J. Shornock <email address hidden>).
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/karmic/awstats