Mandriva Linux Security Advisory : webmin (MDVSA-2014:062)
Medium Nessus Plugin ID 73066
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionMultiple vulnerabilities was discovered and corrected in webmin :
Multiple XSS, CSRF, and arbitrary code execution vulnerabilities that impact Webmin versions prior to 1.620 (CVE-2012-2981, CVE-2012-2982, CVE-2012-2983, CVE-2012-4893, SA51201).
The 1.680 version fixed security issues that could be exploited by un-trusted Webmin users in the PHP Configuration and Webalizer modules.
The Authen::Libwrap perl module used by Webmin is also being provided.
The updated packages have been upgraded to the 1.680 version which is not vulnerable to these issues.
SolutionUpdate the affected perl-Authen-Libwrap and / or webmin packages.