Update awstats to 7.9


it is possible to update awstats to 7.9 which fixes #195/CVE-2020-35176

Hi @radexspox,

Hestia uses the package included in Debian/Ubuntu and those vulnerabilities are fixed in 7.8.x

Example in Debian 12

awstats (7.8-2) unstable; urgency=high

  * QA upload.
  * CVE-2020-35176: in AWStats through 7.8, cgi-bin/awstats.pl?config=
    accepts a partial absolute pathname (omitting the initial /etc), even
    though it was intended to only read a file in the
    /etc/awstats/awstats.conf format. NOTE: this issue exists because of
    an incomplete fix for CVE-2017-1000501 and CVE-2020-29600.
    Closes: #977190

 -- Håvard Flaget Aasen <[email protected]>  Tue, 02 Feb 2021 08:56:57 +0100

You can check it with this command:

apt changelog awstats

I see, but these are only bug fixes, no feature updates for new OS etc. AWStats is completly outdated and development is dead.

Again, Hestia uses the package included in the OS, if the OS doesn’t update it, it won’t be updated.

Again, its still outdated even in the OS.

I don’t know how to say it, if you want to use the last awstats version that is not included neither in latest Debian 12 nor Ubuntu 22.04, then you should remove the awstats package and install it on your own from other sources but keep in mind that you won’t get support from Hestia.

i think that my live will continue normally, even without hestia support :joy:

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.