MGASA-2018-0045

Source
https://advisories.mageia.org/MGASA-2018-0045.html
Import Source
https://advisories.mageia.org/MGASA-2018-0045.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2018-0045
Related
Published
2018-01-03T14:22:14Z
Modified
2018-01-03T13:54:10Z
Summary
Updated awstats packages fix security vulnerability
Details

The cPanel Security Team discovered two path traversal flaws in awstats in the "config" and "migrate" parameters that could be leveraged for unauthenticated remote code execution (CVE-2017-1000501).

References
Credits

Affected packages

Mageia:5 / awstats

Package

Name
awstats
Purl
pkg:rpm/mageia/awstats?distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.3-3.1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / awstats

Package

Name
awstats
Purl
pkg:rpm/mageia/awstats?distro=mageia-6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.5-1.1.mga6

Ecosystem specific

{
    "section": "core"
}