Debian alert DLA-4509-1 (awstats)
| From: | Chris Lamb <lamby@debian.org> | |
| To: | debian-lts-announce@lists.debian.org | |
| Subject: | [SECURITY] [DLA 4509-1] awstats security update | |
| Date: | Wed, 25 Mar 2026 14:00:00 -0700 | |
| Message-ID: | <177446567428.3188639.8779154233452163550@bigcat> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4509-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Chris Lamb March 25, 2026 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : awstats Version : 7.8-2+deb11u2 CVE ID : CVE-2025-63261 It was discovered that there was a potential command injection vulnerability in awstats, an analytics tool for web servers and similar services. For Debian 11 bullseye, this problem has been fixed in version 7.8-2+deb11u2. We recommend that you upgrade your awstats packages. For the detailed security status of awstats please refer to its security tracker page at: https://security-tracker.debian.org/tracker/awstats Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmnEMogACgkQHpU+J9Qx HljHfg//XD2z5DOapKkoVD2GMDro7Pa0FAeYBAZt98mginMH3w/pK5x5At5RT6ND VNrVKb/fAWbjVIETRYEzq5AXSLLBFQocdEWT5AUSsfhH/7GzCx14kjx0nD2QyeVW MNM7Lc9QIMY7L1P7eO1PjW6yaTDD2jdbj4iHfbhWTQ8TNyoOIuQhp1E6Eusd2gXR jxMMPSDVxY+8v9+twKiIY7D4T+8kvIvnZqrAB01EeC2Zvrsan5jdC5osBt7Ee5xR KOFisCe5cyoGR19XZdXdtauNJX29iiN/N7G4RATRUL5Bl1I0ZuazaGMhs41ZFpBo pUf9F/RtRgPLM3D44PObGAyYVDKR5KCbpD7P7R/ElHNEYrU4jD+0cZObzsANNO5W gDxo5NQtNrYz3o1sqAapfPC6HbqV4IWV+C9/Px86FTgruujfz+stMmt8E/yCn+Ih 8qoyzgtN1FilSL5DhpZBsEc2la6ctywScy4MKEjc93X4Tatb47URYyqE4xeGFGP5 FPwLv+BTdMNWUiXcBv777fDWYPl3SAf5xXniiWp3wFmP5txjs5SPFNJ8s5QXG7o5 /VUeIaHDKA8bmYzcBewI4RJo7CN5zsqiUDj4RE8s7ovENts/umEzVsKt/oDprhGN PGQsY8LBjIC9BwY3SiMdJTpT+qoNFe6Bv4BYm+cSayE/8dDziV0= =mzpF -----END PGP SIGNATURE-----