openSUSE 10 Security Update : awstats (awstats-1612)
Medium Nessus Plugin ID 27163
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update fixes remote code execution vulnerabilities in awstats.
Since backporting awstats fixes is error prone we have upgraded it to upstream version 6.6, which also includes new features. Security issues fixed: - CVE-2006-2237: missing sanitizing of the 'migrate' parameter. #173041 - CVE-2006-2644: missing sanitizing of the 'configdir' parameter. #173041 - Make sure open() only opens files for read/write by adding explicit < and >.
SolutionUpdate the affected awstats package.