Bug 20799 - Request for update: webmin 1.840
Summary: Request for update: webmin 1.840
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 5
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact:
URL: http://downloads.sourceforge.net/weba...
Whiteboard: MGA5-32-OK MGA5-64-OK advisory
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2017-05-07 17:08 CEST by Stig-Ørjan Smelror
Modified: 2017-05-21 22:29 CEST (History)
4 users (show)

See Also:
Source RPM:
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Stig-Ørjan Smelror 2017-05-07 17:08:38 CEST 
New release of webmin, 1.840, is ready. Would love to see it included in MGA6.
Comment 1 Rémi Verschelde 2017-05-07 17:54:25 CEST 
Assigning to all packagers as webmin currently doesn't have a registered maintainer.

Assignee: bugsquad => pkg-bugs

Comment 2 Rémi Verschelde 2017-05-07 19:46:01 CEST 
Updated in Cauldron by David Walser.

Resolution: (none) => FIXED
Assignee: pkg-bugs => luigiwalser
Status: NEW => RESOLVED

Comment 3 David Walser 2017-05-07 19:59:22 CEST 
Thanks.  I'll update in Mageia 5 as well due to the security fixes.

webmin-1.840-1.mga5 has been pushed to updates_testing.

I will post an advisory when the upstream changelog has been updated:
http://www.webmin.com/changes.html

Resolution: FIXED => (none)
Status: RESOLVED => REOPENED
Assignee: luigiwalser => qa-bugs
Version: Cauldron => 5

Comment 4 Stig-Ørjan Smelror 2017-05-11 12:40:30 CEST 
Webmin changelog has been updated for version 1.840.
Comment 5 David Walser 2017-05-14 02:39:07 CEST 
Advisory:
========================

Updated webmin package fixes security vulnerabilities:

The webmin package has been updated to version 1.840, which fixes cross-site
scripting (XSS) issues, and has other bug fixes and enhancements.  See the
upstream release announcements and change log for details.

References:
http://www.webmin.com/
http://www.webmin.com/changes.html
========================

Updated packages in core/updates_testing:
========================
webmin-1.840-1.mga5

from webmin-1.840-1.mga5.src.rpm

CC: (none) => luigiwalser

Comment 6 William Kenney 2017-05-19 23:49:06 CEST 
In VirtualBox, M5.1, KDE, 64-bit

Package(s) under test:
webmin

default install of webmin

[root@localhost wilcal]# urpmi webmin
Package webmin-1.831-1.mga5.noarch is already installed

webmin is accessible at:
https://localhost:10000/
I can view the Hardware -> Partitions on Local Disks
I can view Servers -> Apache/ProFTPD/SSH
I can access webmin and do the same from another M5 system on the LAN at:
https://192.168.1.138:10000/
Main page is displaying:
Webmin version 1.840 is now available, but you are running version 1.831

install webmin from updates_testing
stop and restart webmin

[root@localhost wilcal]# urpmi webmin
Package webmin-1.840-1.mga5.noarch is already installed

webmin is accessible at:
https://localhost:10000/
I can view the Hardware -> Partitions on Local Disks
I can view Servers -> Apache/ProFTPD/SSH
I can access webmin and do the same from another M5 system on the LAN at:
https://192.168.1.138:10000/
Main page no longer displays new version message.
Main page indicates you are using Webmin version 1.840

CC: (none) => wilcal.int

William Kenney 2017-05-19 23:49:27 CEST

Whiteboard: (none) => MGA5-64-OK

Comment 7 William Kenney 2017-05-20 00:23:16 CEST 
In VirtualBox, M5.1, KDE, 32-bit

Package(s) under test:
webmin

default install of webmin

[root@localhost wilcal]# urpmi webmin
Package webmin-1.831-1.mga5.noarch is already installed

webmin is accessible at:
https://localhost:10000/
I can view the Hardware -> Partitions on Local Disks
I can view Servers -> Apache/ProFTPD/SSH
I can access webmin and do the same from another M5 system on the LAN at:
https://192.168.1.137:10000/
Main page is displaying:
Webmin version 1.840 is now available, but you are running version 1.831

install webmin from updates_testing
stop and restart webmin

[root@localhost wilcal]# urpmi webmin
Package webmin-1.840-1.mga5.noarch is already installed

webmin is accessible at:
https://localhost:10000/
I can view the Hardware -> Partitions on Local Disks
I can view Servers -> Apache/ProFTPD/SSH
I can access webmin and do the same from another M5 system on the LAN at:
https://192.168.1.137:10000/
Main page no longer displays new version message.
Main page indicates you are using Webmin version 1.840
William Kenney 2017-05-20 00:23:34 CEST

Whiteboard: MGA5-64-OK => MGA5-32-OK MGA5-64-OK

Comment 8 William Kenney 2017-05-20 00:24:08 CEST 
This update works fine.
Testing complete for MGA5, 32-bit & 64-bit
Validating the update.
Could someone from the sysadmin team push to updates.
Thanks

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 9 David Walser 2017-05-20 00:24:24 CEST 
(In reply to William Kenney from comment #6)
> Main page is displaying:
> Webmin version 1.840 is now available, but you are running version 1.831

Thanks for pointing that out.  I am pretty sure I had had that disabled, but the code changes upstream probably allowed it to slip back through at some point.  I committed a change that should fix it, but I won't hold this update for it; it'll be included in the next update.

Component: RPM Packages => Security

Dave Hodgins 2017-05-20 22:35:17 CEST

Whiteboard: MGA5-32-OK MGA5-64-OK => MGA5-32-OK MGA5-64-OK advisory
CC: (none) => davidwhodgins

Comment 10 Mageia Robot 2017-05-21 22:29:37 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2017-0142.html

Resolution: (none) => FIXED
Status: REOPENED => RESOLVED
Note You need to log in before you can comment on or make changes to this bug.