Date: Wed, 21 Nov 2001 06:34:49 +0100
From: dirk.meyer@dinoex.sub.org (Dirk Meyer)
To: ports@freebsd.org
Subject: Vulnerability in webalizer prior 2.1.9
Message-ID: </7DVo2ecLr@dmeyer.dinoex.sub.org>

Warning:

There is a cross-site scripting vulnerability in webalizer which can
allow an attacker to exploit a victim by embedding malicious HTML tags
in webalizer-generated reports.

This update fixes the aforementioned cross-site scripting vulnerability
reported by Magnux Software. This updated version also fixes a date
calculation overflow error and enables DNS resolution provided it is
enabled in the webalizer configuration file.

vulnerable versions:
All versions 2.x up to 2.1.6_4

2001/10/25 updated in the ports tree.
2001/11/03 email to security-officer@FreeBSD.org

Packages that need to be built/fetched:
webalizer-2.1.9
de-webalizer-2.1.9
uk-webalizer-2.1.9

kind regards Dirk

- Dirk Meyer, Im Grund 4, 34317 Habichtswald, Germany

links:
http://www.securityfocus.com/archive/1/222556
http://www.securityfocus.com/advisories/3628
http://www.securityfocus.com/archive/1/223798
http://www.securityfocus.com/advisories/3634
http://www.securityfocus.com/archive/1/224274
http://www.securityfocus.com/advisories/3643
http://www.securityfocus.com/bid/3473
http://www.securityfocus.com/archive/1/225254

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message