ASA-201902-18 generated external raw

[ASA-201902-18] hiawatha: directory traversal
Arch Linux Security Advisory ASA-201902-18 ========================================== Severity: High Date : 2019-02-16 CVE-ID : CVE-2019-8358 Package : hiawatha Type : directory traversal Remote : Yes Link : https://security.archlinux.org/AVG-900 Summary ======= The package <a href="/package/hiawatha">hiawatha</a> before version 10.8.4-1 is vulnerable to directory traversal. Resolution ========== Upgrade to 10.8.4-1. # pacman -Syu "hiawatha>=10.8.4-1" The problem has been fixed upstream in version 10.8.4. Workaround ========== None. Description =========== In <a href="/package/hiawatha">Hiawatha</a> before 10.8.4 a remote attacker is able to do directory traversal if AllowDotFiles is enabled. Impact ====== A remote attacker is able to read arbitrary files from a hiawatha server. References ========== https://www.hiawatha-webserver.org/changelog https://security.archlinux.org/CVE-2019-8358