Bug 33521 - webmin new security issue CVE-2024-2169
Summary: webmin new security issue CVE-2024-2169
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 9
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: https://www.openwall.com/lists/oss-se...
Whiteboard: MGA9-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2024-09-05 16:11 CEST by Nicolas Salguero
Modified: 2024-09-10 18:41 CEST

See Also:
Source RPM: webmin-2.105-1.mga10.src.rpm
CVE: CVE-2024-2169
Status comment: Fixed upstream in 2.202



Description Nicolas Salguero 2024-09-05 16:11:25 CEST
CVE-2024-2169 was announced here:
https://www.openwall.com/lists/oss-security/2024/09/04/1
Nicolas Salguero 2024-09-05 16:12:31 CEST

Whiteboard: (none) => MGA9TOO
Source RPM: (none) => webmin-2.105-1.mga10.src.rpm
CVE: (none) => CVE-2024-2169
Status comment: (none) => Fixed upstream in 2.202

Comment 1 Marja Van Waes 2024-09-06 21:11:39 CEST
@ Stig

There is no registered maintainer for webmin, but you are the de facto maintainer, so assigning to you.

If you don't agree, then please re-assign to all packagers collectively or to bugsquad.

CC: (none) => marja11
URL: (none) => https://www.openwall.com/lists/oss-security/2024/09/04/1
Assignee: bugsquad => smelror

Comment 2 Stig-Ørjan Smelror 2024-09-07 17:28:50 CEST
Advisory
========

Webmin has been updated to the latest version to fix CVE-2024-2169.

CVE-2024-2169: Implementations of UDP application protocol are vulnerable to network loops. An unauthenticated attacker can use maliciously-crafted packets against a vulnerable implementation that can lead to Denial of Service (DOS) and/or abuse of resources.

References
==========

https://www.openwall.com/lists/oss-security/2024/09/04/1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-2169


Files
=====

Uploaded to core/updates_testing

webmin-2.202-1.mga9

from webmin-2.202-1.mga9.src.rpm

Assignee: smelror => qa-bugs
Version: Cauldron => 9
Whiteboard: MGA9TOO => (none)

Comment 3 Stig-Ørjan Smelror 2024-09-07 17:29:04 CEST
Cauldron has been updated as well.

CC: (none) => smelror

katnatek 2024-09-07 18:48:02 CEST

Keywords: (none) => advisory

Comment 4 Herman Viaene 2024-09-09 12:17:45 CEST
MGA9-64 server Plasma Wayland on HP-Pavilion
No installation issues.
Checked a number of modules mainly checking info like wifi printer, all looks OK.

Whiteboard: (none) => MGA9-64-OK
CC: (none) => herman.viaene

Comment 5 Thomas Andrews 2024-09-10 03:09:03 CEST
Validating.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Comment 6 Mageia Robot 2024-09-10 18:41:29 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2024-0290.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

