Current HestiaCP has v7.8. In 7.9 some fixes include #195/CVE-2020-35176, and in v8.0 there are some smaller fixes.
How do we upgrade to the latest version, v8.0?
Hestia uses the awstats version provided by the OS.
❯ dpkg -l | grep -E '^ii\s*awstats' | awk '{print $3}'
7.8-3+deb12u1
In this case, even using version 7.8 in Debian Bookworm, it has all security fixes.
For example:
❯ apt-get changelog awstats | cat | grep -A7 -B3 2020-35176
awstats (7.8-2) unstable; urgency=high
* QA upload.
* CVE-2020-35176: in AWStats through 7.8, cgi-bin/awstats.pl?config=
accepts a partial absolute pathname (omitting the initial /etc), even
though it was intended to only read a file in the
/etc/awstats/awstats.conf format. NOTE: this issue exists because of
an incomplete fix for CVE-2017-1000501 and CVE-2020-29600.
Closes: #977190
-- Håvard Flaget Aasen <[email protected]> Tue, 02 Feb 2021 08:56:57 +0100
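
The changelog check from the answer above, turned into a small script that reports which package version records a CVE instead of relying on fixed grep context lines. This is an added example, not part of the thread: the function names are this example's own, the 7.8-2 stanza is the one quoted above, and the body of the 7.8-3+deb12u1 stanza is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Reads a Debian changelog on stdin
# (for instance the output of `apt-get changelog awstats`) and prints the
# version of each stanza that mentions the CVE id given as $1.
cve_fixed_versions() {
    awk -v cve="$1" '
        # Stanza header: "package (version) distribution; urgency=..."
        /^[a-z0-9][a-z0-9+.-]* \([^)]+\) / {
            ver = $2; gsub(/[()]/, "", ver); seen = 0; next
        }
        # Require that no digit follows the id, so a shorter id such as
        # CVE-2020-3517 does not match inside CVE-2020-35176.
        ver != "" && !seen && index($0, cve) {
            tail = substr($0, index($0, cve) + length(cve), 1)
            if (tail !~ /[0-9]/) { print ver; seen = 1 }
        }
    '
}

# Returns 0 when installed version $1 is at least fixed version $2.
# Relies on dpkg for Debian version ordering.
is_at_least() { dpkg --compare-versions "$1" ge "$2"; }

# Sample input: the 7.8-2 stanza is the one quoted in the thread; the
# newer stanza above it has a constructed body to give the parser a miss.
sample_changelog() {
    cat <<'EOF'
awstats (7.8-3+deb12u1) bookworm; urgency=medium

  * Constructed entry for this example, not the real changelog text.

awstats (7.8-2) unstable; urgency=high

  * QA upload.
  * CVE-2020-35176: in AWStats through 7.8, cgi-bin/awstats.pl?config=
    accepts a partial absolute pathname (omitting the initial /etc), even
    though it was intended to only read a file in the
    /etc/awstats/awstats.conf format. NOTE: this issue exists because of
    an incomplete fix for CVE-2017-1000501 and CVE-2020-29600.
    Closes: #977190
EOF
}

fixed=$(sample_changelog | cve_fixed_versions CVE-2020-35176)
echo "CVE-2020-35176 recorded in: $fixed"
if command -v dpkg >/dev/null 2>&1 && is_at_least "7.8-3+deb12u1" "$fixed"; then
    echo "7.8-3+deb12u1 is not older than $fixed"
fi
```

A stanza that mentions a CVE id does not always fix it (the 7.8-2 entry also names CVE-2017-1000501 and CVE-2020-29600 only as background), so read the matching stanza before treating the version as patched.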