From Mageia wiki
Jump to: navigation, search

MGASA-2013-0125

Date: May 2nd, 2013
Affected releases: 2
Media: Core


Description:
Updated webmin package fixes security vulnerabilities:

Multiple XSS, CSRF, and arbitrary code execution vulnerabilities that
impact Webmin versions prior to 1.620 (CVE-2012-2981, CVE-2012-2982,
CVE-2012-2983, CVE-2012-4893, SA51201).

Additionally, several issues with Webmin module configurations and its
usage of urpmi for installing and upgrading packages have been fixed.
Modules that are not relevant to Mageia systems have been removed. When
installed under systemd, the webmin service should now be immediately
usable.

The Authen::Libwrap perl module used by Webmin is also being provided.


Updated Packages:
i586:
webmin-1.620-1.1.mga2.noarch.rpm
perl-Authen-Libwrap-0.220.0-1.mga2.i586.rpm
perl-Authen-Libwrap-debug-0.220.0-1.mga2.i586.rpm

x86_64:
webmin-1.620-1.1.mga2.noarch.rpm
perl-Authen-Libwrap-0.220.0-1.mga2.x86_64.rpm
perl-Authen-Libwrap-debug-0.220.0-1.mga2.x86_64.rpm

SRPMS:
webmin-1.620-1.1.mga2.src.rpm
perl-Authen-Libwrap-0.220.0-1.mga2.src.rpm


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2981
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2982
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2983
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4893
http://www.securelist.com/en/advisories/50512
http://secunia.com/advisories/51201/
http://www.webmin.com/security.html
http://www.webmin.com/updates.html
https://bugs.mageia.org/show_bug.cgi?id=3444
https://bugs.mageia.org/show_bug.cgi?id=7803