A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
In general, a standard system upgrade is sufficient to effect the
awstats did not fully sanitize input, which was passed directly to the user's
browser, allowing for an XSS attack. If a user was tricked into following a
specially crafted awstats URL, the user's authentication information could be
exposed for the domain where awstats was hosted. (CVE-2006-3681)
awstats could display its installation path under certain conditions.
However, this might only become a concern if awstats is installed into
an user's home directory. (CVE-2006-3682)