Package name
webmin
Date
2014-03-17
Advisory ID
MDVSA-2014:062
Affected versions
MES5 i586 , MBS1 x86_64 , MES5 x86_64

Problem description

Multiple vulnerabilities was discovered and corrected in webmin:

Multiple XSS, CSRF, and arbitrary code execution vulnerabilities that
impact Webmin versions prior to 1.620 (CVE-2012-2981, CVE-2012-2982,
CVE-2012-2983, CVE-2012-4893, SA51201).

The 1.680 version fixed security issues that could be exploited by
un-trusted Webmin users in the PHP Configuration and Webalizer modules.

The Authen::Libwrap perl module used by Webmin is also being provided.

The updated packages have been upgraded to the 1.680 version which
is not vulnerable to these issues.

Updated packages

MES5 i586

 b76972171f63033b2f329e6490976419  mes5/i586/perl-Authen-Libwrap-0.22-0.1mdvmes5.2.i586.rpm
 ac443c2645558464be805b492db9baeb  mes5/i586/webmin-1.680-0.1mdvmes5.2.noarch.rpm 
 4b77afd5678423a573747acd179fa239  mes5/SRPMS/perl-Authen-Libwrap-0.22-0.1mdvmes5.2.src.rpm
 cd4fb9d6f928dc92f5430ec9a085620e  mes5/SRPMS/webmin-1.680-0.1mdvmes5.2.src.rpm

MBS1 x86_64

 9c2db8945efb78cb14b62bf684c3ac8a  mbs1/x86_64/perl-Authen-Libwrap-0.220.0-2.mbs1.x86_64.rpm
 fbf3cbaf7c38211734c7e194478266a4  mbs1/x86_64/webmin-1.680-1.mbs1.noarch.rpm 
 9ab9a3275bfc6c78087d948d9d6dd499  mbs1/SRPMS/perl-Authen-Libwrap-0.220.0-2.mbs1.src.rpm
 c1b87681dfd413012e0867c8109629ac  mbs1/SRPMS/webmin-1.680-1.mbs1.src.rpm

MES5 x86_64

 c3caa33d699773dc6e425c6363c6df8f  mes5/x86_64/perl-Authen-Libwrap-0.22-0.1mdvmes5.2.x86_64.rpm
 11118140d6c7b10d0d09daeb3e31991b  mes5/x86_64/webmin-1.680-0.1mdvmes5.2.noarch.rpm 
 4b77afd5678423a573747acd179fa239  mes5/SRPMS/perl-Authen-Libwrap-0.22-0.1mdvmes5.2.src.rpm
 cd4fb9d6f928dc92f5430ec9a085620e  mes5/SRPMS/webmin-1.680-0.1mdvmes5.2.src.rpm

References