The webmin site says that a security issue in the Authentic theme was fixed in 1.801 (and possibly 1.810): http://www.webmin.com/ http://www.webmin.com/changes.html Update to 1.831 checked into Mageia 5 SVN (pending freeze push in Cauldron).
Advisory: ======================== Updated webmin package fixes security vulnerability: The webmin package has been updated to version 1.831, fixing possible security issues in the Authentic theme (fixed in 1.801 and/or 1.810), and containing several other bug fixes and enhancements. See the upstream release announcements and change log for details. References: http://www.webmin.com/ http://www.webmin.com/changes.html ======================== Updated packages in core/updates_testing: ======================== webmin-1.831-1.mga5 from webmin-1.831-1.mga5.src.rpm
Assignee: bugsquad => qa-bugs
MGA5-32 on AcerD620 Xfce No installation issues A CLI I got $ webmin Starting webmin (via systemctl): [ OK ] Installation problem. Please reinstall. Started webmin from https://localhost:10000/ and could login . Used it to look at System modules, mysql and apache server. All looks well.
Whiteboard: (none) => MGA5-32-OKCC: (none) => herman.viaene
CC: (none) => lewyssmithWhiteboard: MGA5-32-OK => MGA5-32-OK advisory
Testing Mageia 5 x64 BEFORE the update: webmin-1.760-1.mga5 # webmin Starting webmin (via systemctl): [ OK ] Launching `/usr/bin/www-browser' with param `https://localhost:10000/' was not immediately successful. It launched Firefox which complained on several fronts: first that it had not been used for some time - untrue! - and wanting to refresh itself; mystery. Then "Your connection is not safe" "The owner of localhost has configured its website incorrectly. To prevent your details from being stolen, Firefox has not connected to the website". 'Advanced' shows: "localhost:10000 uses an invalid security certificate. The certificate is not trusted because it is self-signed. The certificate is only valid for * Error code: SEC_ERROR_UNKNOWN_ISSUER" With trepidation for the future, hoping it will not have wider implications, I permitted this exception (as invited to), and ended up with the Webmin login screen. What to enter? Normal user/PW failed, 'root'/PW worked. The entry screen showed "Webmin version 1.831 is now available, but you are running version 1.760." and looked complete. Logged out, closed Firefox. AFTER update: webmin-1.831-1.mga5 https://localhost:10000/ immediately showed the login screen. Logged in as root, added a new user to see & do everything, used that to look around. Impressive application! Update OK, validating, advisoried already.
Keywords: (none) => validated_updateWhiteboard: MGA5-32-OK advisory => MGA5-32-OK advisory MGA5-64-OKCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0017.html
Status: NEW => RESOLVEDResolution: (none) => FIXED
URL: (none) => https://lwn.net/Vulnerabilities/711587/