[SECURITY] [DLA 4509-1] awstats security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 4509-1] awstats security update
From: "Chris Lamb" <lamby@debian.org>
Date: Wed, 25 Mar 2026 14:00:00 -0700
Message-id: <[🔎] 177446567428.3188639.8779154233452163550@bigcat>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4509-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
March 25, 2026                                https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : awstats
Version        : 7.8-2+deb11u2
CVE ID         : CVE-2025-63261

It was discovered that there was a potential command injection
vulnerability in awstats, an analytics tool for web servers and
similar services.

For Debian 11 bullseye, this problem has been fixed in version
7.8-2+deb11u2.

We recommend that you upgrade your awstats packages.

For the detailed security status of awstats please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/awstats

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmnEMogACgkQHpU+J9Qx
HljHfg//XD2z5DOapKkoVD2GMDro7Pa0FAeYBAZt98mginMH3w/pK5x5At5RT6ND
VNrVKb/fAWbjVIETRYEzq5AXSLLBFQocdEWT5AUSsfhH/7GzCx14kjx0nD2QyeVW
MNM7Lc9QIMY7L1P7eO1PjW6yaTDD2jdbj4iHfbhWTQ8TNyoOIuQhp1E6Eusd2gXR
jxMMPSDVxY+8v9+twKiIY7D4T+8kvIvnZqrAB01EeC2Zvrsan5jdC5osBt7Ee5xR
KOFisCe5cyoGR19XZdXdtauNJX29iiN/N7G4RATRUL5Bl1I0ZuazaGMhs41ZFpBo
pUf9F/RtRgPLM3D44PObGAyYVDKR5KCbpD7P7R/ElHNEYrU4jD+0cZObzsANNO5W
gDxo5NQtNrYz3o1sqAapfPC6HbqV4IWV+C9/Px86FTgruujfz+stMmt8E/yCn+Ih
8qoyzgtN1FilSL5DhpZBsEc2la6ctywScy4MKEjc93X4Tatb47URYyqE4xeGFGP5
FPwLv+BTdMNWUiXcBv777fDWYPl3SAf5xXniiWp3wFmP5txjs5SPFNJ8s5QXG7o5
/VUeIaHDKA8bmYzcBewI4RJo7CN5zsqiUDj4RE8s7ovENts/umEzVsKt/oDprhGN
PGQsY8LBjIC9BwY3SiMdJTpT+qoNFe6Bv4BYm+cSayE/8dDziV0=
=mzpF
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 4508-1] nss security update
Next by Date: [SECURITY] [DLA 4510-1] firefox-esr security update
Previous by thread: [SECURITY] [DLA 4508-1] nss security update
Next by thread: [SECURITY] [DLA 4510-1] firefox-esr security update
Index(es):
- Date
- Thread