this from the cobalt users list:

"Hi there,

Webalizer has been updated to version 2.01-09 to fix a recently
discovered vulnerability. I would advise anyone running an older
version to upgrade as soon as possible. For more information:

http://www.mrunix.net/webalizer/news.html

Regards,

Glen Scott"



has anyone added the patch on a raq4?

I do not know of a patch, although you just need to upgrade to the latest version.

Here is how we upgraded from 2.01-06(vulnerable) to 2.01-09(not vulnerable) . I suppose this would work for any version of webalizer.

Grab webalizer-2.01-09-static.gz from ftp.mrunix.com/pub/webalizer

Su to root, unzip - gunzip webalizer-2.01-09-static.gz

Backup webalizer - cp /usr/bin/webalizer /usr/bin/webalizer.bak

Move your new version into place - mv webalizer-2.01-09- static /usr/bin/webalizer

Chmod your new version - 755 /usr/bin/webalizer

Wait for webalizer to run via cron.

Regards
Mike