----------------------------------------------------------------------

Did you know that a change in our assessment rating, exploit code
availability, or if an updated patch is released by the vendor, is
not part of this mailing-list?

Click here to learn more:
http://secunia.com/advisories/business_solutions/

----------------------------------------------------------------------

TITLE:
Ubuntu update for awstats

SECUNIA ADVISORY ID:
SA33002

VERIFY ADVISORY:
http://secunia.com/advisories/33002/

CRITICAL:
Less critical

IMPACT:
Cross Site Scripting

WHERE:
>From remote

OPERATING SYSTEM:
Ubuntu Linux 6.06
http://secunia.com/advisories/product/10611/
Ubuntu Linux 7.10
http://secunia.com/advisories/product/16251/
Ubuntu Linux 8.04
http://secunia.com/advisories/product/18611/
Ubuntu Linux 8.10
http://secunia.com/advisories/product/20299/

DESCRIPTION:
Ubuntu has issued an update for awstats. This fixes a vulnerability,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

For more information:
SA31519

SOLUTION:
Apply updated packages.

-- Ubuntu 6.06 LTS --

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/a/awstats/awstats_6.5-1ubuntu1.3.diff.gz
Size/MD5: 20231 02f6d6768115e61ecf3cb347e20a4d6b
http://security.ubuntu.com/ubuntu/pool/main/a/awstats/awstats_6.5-1ubuntu1.3.dsc
Size/MD5: 823 0acdf09ceaa643749b1d42a48b01a753
http://security.ubuntu.com/ubuntu/pool/main/a/awstats/awstats_6.5.orig.tar.gz
Size/MD5: 1051780 aef00b2ff5c5413bd2a868299cabd69a

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/a/awstats/awstats_6.5-1ubuntu1.3_all.deb
Size/MD5: 853248 3b839bfdfce5331f902838694df21039

-- Ubuntu 7.10 --

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/a/awstats/awstats_6.6+dfsg-1ubuntu0.1.diff.gz
Size/MD5: 20242 b0b2a251637b40ba30f2916b45629f33
http://security.ubuntu.com/ubuntu/pool/main/a/awstats/awstats_6.6+dfsg-1ubuntu0.1.dsc
Size/MD5: 915 ca6ded2a6d1fe2175d01d996b0e3f590
http://security.ubuntu.com/ubuntu/pool/main/a/awstats/awstats_6.6+dfsg.orig.tar.gz
Size/MD5: 1073578 6887d3f49de4f50830c0940041200632

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/a/awstats/awstats_6.6+dfsg-1ubuntu0.1_all.deb
Size/MD5: 898120 cc9aa605fbe5455b2c0681ee4f3c7af1

-- Ubuntu 8.04 LTS --

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/a/awstats/awstats_6.7.dfsg-1ubuntu0.1.diff.gz
Size/MD5: 23385 ab783d7817033c0240920e0d4aa6637c
http://security.ubuntu.com/ubuntu/pool/main/a/awstats/awstats_6.7.dfsg-1ubuntu0.1.dsc
Size/MD5: 1017 1e66b61f4a072905ab5039c9211fc7c8
http://security.ubuntu.com/ubuntu/pool/main/a/awstats/awstats_6.7.dfsg.orig.tar.gz
Size/MD5: 1093568 98a5fad9c379ac4884d7af90db6e087b

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/a/awstats/awstats_6.7.dfsg-1ubuntu0.1_all.deb
Size/MD5: 907832 a7c108e27112aa3ef21df347302dce36

-- Ubuntu 8.10 --

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/a/awstats/awstats_6.7.dfsg-5ubuntu0.1.diff.gz
Size/MD5: 28889 57d485dea3b40aadc924c81fa67666e4
http://security.ubuntu.com/ubuntu/pool/main/a/awstats/awstats_6.7.dfsg-5ubuntu0.1.dsc
Size/MD5: 1530 c6dae34e2a0ac2d7036e45257e62f122
http://security.ubuntu.com/ubuntu/pool/main/a/awstats/awstats_6.7.dfsg.orig.tar.gz
Size/MD5: 1093568 98a5fad9c379ac4884d7af90db6e087b

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/a/awstats/awstats_6.7.dfsg-5ubuntu0.1_all.deb
Size/MD5: 908744 ca2b119c43f0943d1763348e10a599c6

ORIGINAL ADVISORY:
USN-686-1:
https://lists.ubuntu.com/archives/ubuntu-security-announce/2008-December/000797.html

OTHER REFERENCES:
SA31519:
http://secunia.com/advisories/31519/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------