Upstream has released version 1.680 today (May 21). The official release announcement and changelog hasn't been posted yet. Looking at the git commit log, it looks like there are fixes for multiple XSS issues, and another security issue in the cron module when specifying an invalid user. I'll post an advisory once the upstream changelog is available. Git commit log: https://github.com/webmin/webmin/commits/master Upstream changelog page: http://www.webmin.com/changes.html Updated packages in core/updates_testing: ======================== webmin-1.690-1.mga3 webmin-1.690-1.mga4 from SRPMS: webmin-1.690-1.mga3.src.rpm webmin-1.690-1.mga4.src.rpm Reproducible: Steps to Reproduce:
Whiteboard: (none) => MGA3TOO
Advisory: ======================== Updated webmin package fix security vulnerabilities: Webmin has been updated to version 1.690, which fixes a security issue in the cron module and several XSS issues in pop-up windows. References: http://www.webmin.com/changes.html
In VirtualBox, M3, KDE, 32-bit Package(s) under test: webmin default install of webmin [root@localhost wilcal]# urpmi webmin Package webmin-1.680-1.mga3.noarch is already installed webmin works, I can use the functions that I often use. I can access webmin from another workstation on the LAN. install webmin from updates_testing Stop and restart webmin. [root@localhost wilcal]# urpmi webmin Package webmin-1.690-1.mga3.noarch is already installed webmin works, I can use the functions that I often use. I can access webmin from another workstation on the LAN. Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) Mageia 4 64-bit, Nvidia driver virtualbox-4.3.10-1.1.mga4.x86_64 virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64
CC: (none) => wilcal.int
In VirtualBox, M3, KDE, 64-bit Package(s) under test: webmin default install of webmin [root@localhost wilcal]# urpmi webmin Package webmin-1.680-1.mga3.noarch is already installed webmin works, I can use the functions that I often use. I can access webmin from another workstation on the LAN. install webmin from updates_testing Stop and restart webmin. [root@localhost wilcal]# urpmi webmin Package webmin-1.690-1.mga3.noarch is already installed webmin works, I can use the functions that I often use. I can access webmin from another workstation on the LAN. Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) Mageia 4 64-bit, Nvidia driver virtualbox-4.3.10-1.1.mga4.x86_64 virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64
In VirtualBox, M4, KDE, 32-bit Package(s) under test: webmin default install of webmin [root@localhost wilcal]# urpmi webmin Package webmin-1.680-1.mga4.noarch is already installed webmin works, I can use the functions that I often use. I can access webmin from another workstation on the LAN. install webmin from updates_testing Stop and restart webmin. [root@localhost wilcal]# urpmi webmin Package webmin-1.690-1.mga4.noarch is already installed webmin works, I can use the functions that I often use. I can access webmin from another workstation on the LAN. Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) Mageia 4 64-bit, Nvidia driver virtualbox-4.3.10-1.1.mga4.x86_64 virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64
In VirtualBox, M4, KDE, 64-bit Package(s) under test: webmin default install of webmin [root@localhost wilcal]# urpmi webmin Package webmin-1.680-1.mga4.noarch is already installed webmin works, I can use the functions that I often use. I can access webmin from another workstation on the LAN. install webmin from updates_testing Stop and restart webmin. [root@localhost wilcal]# urpmi webmin Package webmin-1.690-1.mga4.noarch is already installed webmin works, I can use the functions that I often use. I can access webmin from another workstation on the LAN. Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) Mageia 4 64-bit, Nvidia driver virtualbox-4.3.10-1.1.mga4.x86_64 virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64
Whiteboard: MGA3TOO => MGA3TOO MGA3-32-OK MGA3-64-OK MGA4-32-OK MGA4-64-OK
For me this update works fine. Testing complete for mga3 32-bit & 64-bit Testing complete for mga4 32-bit & 64-bit Validating the update. Could someone from the sysadmin team push this to updates. Thanks
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
advisory added. Update pushed: http://advisories.mageia.org/MGASA-2014-0233.html
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXEDWhiteboard: MGA3TOO MGA3-32-OK MGA3-64-OK MGA4-32-OK MGA4-64-OK => MGA3TOO MGA3-32-OK MGA3-64-OK MGA4-32-OK MGA4-64-OK advisory
URL: (none) => http://lwn.net/Vulnerabilities/600092/