MGASA-2013-0125
Date: | May 2nd, 2013 |
Affected releases: | 2 |
Media: | Core |
Description:
Updated webmin package fixes security vulnerabilities:
Multiple XSS, CSRF, and arbitrary code execution vulnerabilities that
impact Webmin versions prior to 1.620 (CVE-2012-2981, CVE-2012-2982,
CVE-2012-2983, CVE-2012-4893, SA51201).
Additionally, several issues with Webmin module configurations and its
usage of urpmi for installing and upgrading packages have been fixed.
Modules that are not relevant to Mageia systems have been removed. When
installed under systemd, the webmin service should now be immediately
usable.
The Authen::Libwrap perl module used by Webmin is also being provided.
Updated Packages:
i586:
webmin-1.620-1.1.mga2.noarch.rpm
perl-Authen-Libwrap-0.220.0-1.mga2.i586.rpm
perl-Authen-Libwrap-debug-0.220.0-1.mga2.i586.rpm
x86_64:
webmin-1.620-1.1.mga2.noarch.rpm
perl-Authen-Libwrap-0.220.0-1.mga2.x86_64.rpm
perl-Authen-Libwrap-debug-0.220.0-1.mga2.x86_64.rpm
SRPMS:
webmin-1.620-1.1.mga2.src.rpm
perl-Authen-Libwrap-0.220.0-1.mga2.src.rpm
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2981
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2982
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2983
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4893
http://www.securelist.com/en/advisories/50512
http://secunia.com/advisories/51201/
http://www.webmin.com/security.html
http://www.webmin.com/updates.html
https://bugs.mageia.org/show_bug.cgi?id=3444
https://bugs.mageia.org/show_bug.cgi?id=7803