
Mandriva Advisories

Package name webmin
Date July 18th, 2006
Advisory ID MDKSA-2006:125
Affected versions CS3.0, 2006.0
Synopsis Updated webmin packages fix arbitrary file read vulnerability.

Problem Description

Webmin before 1.290 and Usermin before 1.220 call the simplify_path
function before decoding HTML. Path components that are still encoded
when simplify_path strips "../" sequences pass through it untouched and
only become directory traversal once they are decoded afterwards, when
no check is applied any more. This allows remote attackers to read
arbitrary files. NOTE: This is a different issue than CVE-2006-3274.
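The ordering bug described above, as an added example that is not Webmin's own code: a lexical simplify_path in the style the advisory names, next to two request resolvers that differ only in whether decoding runs before or after simplification. The document root, the resolver names and the percent-encoded ".." request are all assumptions for illustration; the request is a generic encoded-traversal input, not the specific sequence behind this CVE.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

# Added example (not Webmin code).  DOCROOT is an assumed document root.
DOCROOT = "/usr/share/webmin"


def simplify_path(path: str) -> str:
    """Collapse '.', '..' and empty components purely lexically, never
    climbing above '/'.  It operates on whatever text it is handed: an
    encoded '..' is just an ordinary component to this function."""
    parts = []
    for comp in path.split("/"):
        if comp in ("", "."):
            continue
        if comp == "..":
            if parts:
                parts.pop()
            continue
        parts.append(comp)
    return "/" + "/".join(parts)


def is_within_root(docroot: str, path: str) -> bool:
    """Lexical containment check on the fully resolved path."""
    root = posixpath.normpath(docroot)
    norm = posixpath.normpath(path)
    return norm == root or norm.startswith(root + "/")


def resolve_vulnerable(docroot: str, request_path: str) -> str:
    """Bug pattern from the advisory: simplify first, decode second.
    Components that are still encoded survive simplification and turn
    into '..' only after decoding, when nothing inspects them again."""
    simplified = simplify_path(request_path)
    decoded = unquote(simplified)
    return docroot.rstrip("/") + decoded


def resolve_fixed(docroot: str, request_path: str) -> Optional[str]:
    """Correct order: decode, then simplify, then re-check that the joined
    path still lies under docroot.  Returns None if it does not."""
    decoded = unquote(request_path)
    simplified = simplify_path(decoded)
    candidate = docroot.rstrip("/") + simplified
    if not is_within_root(docroot, candidate):
        return None  # defence in depth; unreachable with this simplifier
    return candidate


if __name__ == "__main__":
    # Constructed request with percent-encoded '..' components (assumed
    # input for illustration, not the sequence from the CVE).
    req = "/%2e%2e/%2e%2e/%2e%2e/etc/passwd"
    vuln = resolve_vulnerable(DOCROOT, req)
    print("vulnerable:", vuln, "escapes root:", not is_within_root(DOCROOT, vuln))
    print("fixed:     ", resolve_fixed(DOCROOT, req))
```

The general rule the example shows is that canonicalisation must run only after every decoding layer the server applies, and that the final joined path, not the request string, is what gets checked against the root.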

Updated packages have been patched to correct this issue.

Updated Packages

Corporate Server 3.0

 9c95b1373fe69a80ebfe6262921fcc52  corporate/3.0/RPMS/webmin-1.121-4.6.C30mdk.noarch.rpm
 fc39f0e98dc5dcece871c18f7a1f3e09  corporate/3.0/SRPMS/webmin-1.121-4.6.C30mdk.src.rpm

Corporate Server 3.0/X86_64

 9c95b1373fe69a80ebfe6262921fcc52  x86_64/corporate/3.0/RPMS/webmin-1.121-4.6.C30mdk.noarch.rpm
 fc39f0e98dc5dcece871c18f7a1f3e09  x86_64/corporate/3.0/SRPMS/webmin-1.121-4.6.C30mdk.src.rpm

Mandriva Linux 2006

 b389424c7b84f96e37c0db9dcb3e9b01  2006.0/RPMS/webmin-1.220-9.4.20060mdk.noarch.rpm
 eb4ea546b5d8a4a8401ddba2eee04aea  2006.0/SRPMS/webmin-1.220-9.4.20060mdk.src.rpm

Mandriva Linux 2006/X86_64

 b389424c7b84f96e37c0db9dcb3e9b01  x86_64/2006.0/RPMS/webmin-1.220-9.4.20060mdk.noarch.rpm
 eb4ea546b5d8a4a8401ddba2eee04aea  x86_64/2006.0/SRPMS/webmin-1.220-9.4.20060mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3392

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

    rpm --checksig package.rpm


You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.
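For a manual download, the two checks described above can be combined in one script. This is an added example, not a Mandriva tool: it assumes the RPM has been fetched to the local directory, that the expected MD5 is the one listed in the advisory, and that the Mandriva Security Team public key has already been imported into the RPM keyring (rpm --import). The function names are this example's own.

```sh
#!/bin/sh
# Added example (not Mandriva's own tooling).

# md5_matches FILE EXPECTED_MD5
# Succeeds only if the file's MD5 equals the value listed in the advisory.
md5_matches() {
    file=$1
    expected=$2
    actual=$(md5sum "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# verify_rpm FILE EXPECTED_MD5
# MD5 first (a cheap transfer-integrity check), then the GPG signature,
# which is the only check that ties the package to the Mandriva key.
# Both must pass before the package is installed.
verify_rpm() {
    file=$1
    expected=$2
    if ! md5_matches "$file" "$expected"; then
        echo "MD5 mismatch for $file" >&2
        return 1
    fi
    # rpm --checksig exits non-zero on a missing or bad signature.
    if ! rpm --checksig "$file"; then
        echo "signature check failed for $file" >&2
        return 1
    fi
    echo "$file: md5 and signature OK"
}

# Usage: ./verify.sh webmin-1.220-9.4.20060mdk.noarch.rpm b389424c7b84f96e37c0db9dcb3e9b01
if [ "$#" -eq 2 ]; then
    verify_rpm "$1" "$2"
fi
```

The MD5 from the advisory only tells you the download was not corrupted or truncated; it travelled over the same channel as the package and is not a substitute for the signature check, which is what actually binds the file to the Mandriva Security Team.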