Nom du paquet
webmin
Date
2006-07-18
Advisory ID
MDKSA-2006:125
Affected versions
CS3.0 i586 , 2006.0 i586 , 2006.0 x86_64 , CS3.0 x86_64

Problem description

Webmin before 1.290 and Usermin before 1.220 calls the simplify_path
function before decoding HTML, which allows remote attackers to read
arbitrary files. NOTE: This is a different issue than CVE-2006-3274.

Updated packages have been patched to correct this issue.

Updated packages

CS3.0 i586

 9c95b1373fe69a80ebfe6262921fcc52  corporate/3.0/RPMS/webmin-1.121-4.6.C30mdk.noarch.rpm
 fc39f0e98dc5dcece871c18f7a1f3e09  corporate/3.0/SRPMS/webmin-1.121-4.6.C30mdk.src.rpm

2006.0 i586

 b389424c7b84f96e37c0db9dcb3e9b01  2006.0/RPMS/webmin-1.220-9.4.20060mdk.noarch.rpm
 eb4ea546b5d8a4a8401ddba2eee04aea  2006.0/SRPMS/webmin-1.220-9.4.20060mdk.src.rpm

2006.0 x86_64

 b389424c7b84f96e37c0db9dcb3e9b01  x86_64/2006.0/RPMS/webmin-1.220-9.4.20060mdk.noarch.rpm
 eb4ea546b5d8a4a8401ddba2eee04aea  x86_64/2006.0/SRPMS/webmin-1.220-9.4.20060mdk.src.rpm

CS3.0 x86_64

 9c95b1373fe69a80ebfe6262921fcc52  x86_64/corporate/3.0/RPMS/webmin-1.121-4.6.C30mdk.noarch.rpm
 fc39f0e98dc5dcece871c18f7a1f3e09  x86_64/corporate/3.0/SRPMS/webmin-1.121-4.6.C30mdk.src.rpm

References