Date: Sun, 7 Jan 2018 04:32:32 +0100
From: Stefan Pietsch <>
To:, Hanno Böck
 <>, John Lightsey <>
Subject: Re: Path traversal flaws in awstats 7.6 and earlier.

On 06.01.2018 10:33, Hanno Böck wrote:

>> The cPanel Security Team discovered two path traversal flaws in
>> awstats that could be leveraged for unauthenticated remote code
>> execution.
> On
> the latest version is still 7.6
> On the github repo you linked the latest version is 7.5.

The awstats GitHub page has version 7.6:

> Are you in contact with the developers? It's not exactly ideal that
> there's a publicly known remote code execution and there is no new
> release containing the fix.

By not releasing a new version of awstats it gets unnecessarily
difficult to track the fix in distributions.

The author has proven that he is not able to handle security issues well
when I contacted him last year.

On the project's security page there is no update so far:

