| Summary: | webmin new security issue fixed upstream in 1.979 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, davidwhodgins, herman.viaene, ouaurelien, sysadmin-bugs |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7TOO MGA7-64-OK MGA8-64-OK | ||
| Source RPM: | webmin-1.970-1.mga8.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2021-06-16 01:52:33 CEST
David Walser
2021-06-16 01:52:41 CEST
Whiteboard:
(none) =>
MGA7TOO We already have in Cauldron versions 1.972, 3, 4 and just, enigmatically: Mon Jun 14 version 0.979 - typo in SVN? Assigning this to Stig who did them all. Assignee:
bugsquad =>
smelror Advisory: ======================== Updated webmin package fixes security vulnerability: The webmin package has been updated to version 1.979, which has fixes for handling un-trusted inputs in the Network Configuration module. Also, the openvpn module has been updated to version 3.2. References: https://www.webmin.com/changes.html https://www.openit.it/index.php/en/downloads?task=viewcategory&catid=7 ======================== Updated packages in core/updates_testing: ======================== webmin-1.979-1.mga7 webmin-1.979-1.mga8 from SRPMS: webmin-1.979-1.mga7.src.rpm webmin-1.979-1.mga8.src.rpm Assignee:
smelror =>
qa-bugs file /usr/share/webmin/blue-theme from install of webmin-1.979-1.mga7.noarch conflicts with file from package webmin-1.960-1.mga7.noarch CC:
(none) =>
davidwhodgins The update is replacing a directory with a symlink. https://docs.fedoraproject.org/en-US/packaging-guidelines/Directory_Replace= ment/#_scriptlet_to_replace_a_directory Reassigning back to security team. Assignee:
qa-bugs =>
security Sorry for the url wrap https://docs.fedoraproject.org/en-US/packaging-guidelines/Directory_Replacement/#_scriptlet_to_replace_a_directory Technically the security team and packaging team are separate, so you shouldn't assign bugs to it. Thanks for checking, and I'll fix it later. Assignee:
security =>
luigiwalser Should be fixed in webmin-1.979-1.1 Assignee:
luigiwalser =>
qa-bugs MGA7-64 Plasma on Lenovo B50 No installation issues. Checked different modules, no obvious problems. CC:
(none) =>
herman.viaene MGA-64 Plasma on Lenovo B50 No installation issues. Checked different modules, no obvious problems. Whiteboard:
MGA7TOO MGA7-64-OK =>
MGA7TOO MGA7-64-OK MGA8-64-OK Validating. Advisory in Comment 2, except for the revised srpm in Comment 7. Keywords:
(none) =>
validated_update type: security
subject: Updated webmin package fixes security vulnerability
src:
7:
core:
- webmin-1.979-1.1.mga7
8:
core:
- webmin-1.979-1.1.mga8
description: |
The webmin package has been updated to version 1.979, which has fixes for
handling un-trusted inputs in the Network Configuration module.
Also, the openvpn module has been updated to version 3.2.
references:
- https://bugs.mageia.org/show_bug.cgi?id=29137
- https://www.webmin.com/changes.html
- https://www.openit.it/index.php/en/downloads?task=viewcategory&catid=7Keywords:
(none) =>
advisory An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0344.html Resolution:
(none) =>
FIXED |