Sarg is vulnerable to the execution of arbitrary code when processing untrusted input files.
| Package | net-analyzer/sarg on all architectures |
| Affected versions | < 2.2.5 |
| Unaffected versions | >= 2.2.5 |
Sarg (Squid Analysis Report Generator) is a tool that provides a lot of information about the activities of Squid web proxy server users: time, sites, traffic, etc.
Sarg doesn't properly check its input for abnormal content when processing Squid log files.
There is no known workaround at this time.
All sarg users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/sarg-2.2.5"