Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

USN-686-1: AWStats vulnerability

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) USN-686-1: AWStats vulnerability
# 1  
Old 12-03-2008
USN-686-1: AWStats vulnerability
Referenced CVEs:
CVE-2008-3714


Description:
===========================================================Ubuntu Security Notice USN-686-1 December 04, 2008awstats vulnerabilityCVE-2008-3714===========================================================A security issue affects the following Ubuntu releases:Ubuntu 6.06 LTSUbuntu 7.10Ubuntu 8.04 LTSUbuntu 8.10This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.06 LTS: awstats 6.5-1ubuntu1.3Ubuntu 7.10: awstats 6.6+dfsg-1ubuntu0.1Ubuntu 8.04 LTS: awstats 6.7.dfsg-1ubuntu0.1Ubuntu 8.10: awstats 6.7.dfsg-5ubuntu0.1In general, a standard system upgrade is sufficient to effect thenecessary changes.Details follow:Morgan Todd discovered that AWStats did not correctly strip quotes fromcertain parameters, allowing for an XSS attack when running as a CGI.If a user was tricked by a remote attacker into following a speciallycrafted URL, the user's authentication information could be exposed forthe domain where AWStats was hosted.





More...
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question

LEARN ABOUT DEBIAN

update-initramfs

UPDATE-INITRAMFS(8)					      update-initramfs manual					       UPDATE-INITRAMFS(8)

NAME

       update-initramfs - generate an initramfs image

SYNOPSIS

       update-initramfs -c|-d|-u [-k version] [-t] [-v] [-b] [-h]

DESCRIPTION

       The  update-initramfs  script manages your initramfs images on your local box.  It keeps track of the existing initramfs archives in /boot.
       There are three modes of operation create, update or delete.  You must at least specify one of those modes.

       The initramfs is a gzipped cpio archive.  At boot time, the kernel unpacks that archive into RAM disk, mounts and uses it as  initial  root
       file system. All finding of the root device happens in this early userspace.

OPTIONS

	-k  version
	      Set  the	specific  kernel  version for whom the initramfs will be generated.  For example the output of uname -r for your currently
	      running kernel.  This argument is optional for update. The default is the latest kernel version.

	      The use of "all" for the version string specifies update-initramfs to execute the chosen action for all kernel  versions,  that  are
	      already known to update-initramfs.

	-c    This mode creates a new initramfs.

	-u    This mode updates an existing initramfs.

	-d    This mode removes an existing initramfs.

	-t    Allows one to take over an custom initramfs with a newer one.

	-v    This option increases the amount of information you are given during the chosen action.

	-b    Set an different bootdir for the image creation.

	-h    Print a short help page describing the available options in update-initramfs.

EXAMPLES

       Update the initramfs of the newest kernel:

       update-initramfs -u

       Create the initramfs for a specific kernel:

       update-initramfs -c -k 2.6.18-1-686

FILES

       /etc/initramfs-tools/update-initramfs.conf

AUTHOR

       The initramfs-tools are written by Maximilian Attems <maks@debian.org>, Jeff Bailey <jbailey@raspberryginger.com> and numerous others.

SEE ALSO

	initramfs.conf(5), initramfs-tools(8), mkinitramfs(8).

Linux								    2008/12/19						       UPDATE-INITRAMFS(8)