Summary: | sysutils/webmin: needs updating to 1.930 for security | ||
---|---|---|---|
Product: | Ports & Packages | Reporter: | Delta Regeer <xistence> |
Component: | Individual Port(s) | Assignee: | Jimmy Olgeni <olgeni> |
Status: | Closed FIXED | ||
Severity: | Affects Only Me | CC: | emaste |
Priority: | --- | Flags: | bugzilla:
maintainer-feedback?
(olgeni) |
Version: | Latest | ||
Hardware: | Any | ||
OS: | Any | ||
Bug Depends on: | |||
Bug Blocks: | 239957 |
Description
Delta Regeer
2019-08-18 22:17:09 UTC
A commit references this bug: Author: olgeni Date: Sun Aug 18 22:53:13 UTC 2019 New revision: 509243 URL: https://svnweb.freebsd.org/changeset/ports/509243 Log: Update sysutils/webmin to version 1.930. Contains fix for CVE-2019-15107. From https://virtualmin.com/node/66890: To exploit the malicious code, your Webmin installation must have Webmin -> Webmin Configuration -> Authentication -> Password expiry policy set to Prompt users with expired passwords to enter a new one. This option is not set by default, but if it is set, it allows remote code execution. PR: 239956 Submitted by: Bert JW Regeer <xistence@0x58.com> Security: CVE-2019-15107 Changes: head/sysutils/webmin/Makefile head/sysutils/webmin/distinfo head/sysutils/webmin/pkg-plist Pending MFH to 2019Q3. A commit references this bug: Author: olgeni Date: Tue Aug 20 10:46:01 UTC 2019 New revision: 509417 URL: https://svnweb.freebsd.org/changeset/ports/509417 Log: MFH: r509243 r509244 Update sysutils/webmin to version 1.930. Contains fix for CVE-2019-15107. From https://virtualmin.com/node/66890: To exploit the malicious code, your Webmin installation must have Webmin -> Webmin Configuration -> Authentication -> Password expiry policy set to Prompt users with expired passwords to enter a new one. This option is not set by default, but if it is set, it allows remote code execution. PR: 239956 Submitted by: Bert JW Regeer <xistence@0x58.com> Security: CVE-2019-15107 Update sysutils/usermin to version 1.780. PR: 239957 Approved by: ports-secteam (joneum) Changes: _U branches/2019Q3/ branches/2019Q3/sysutils/usermin/Makefile branches/2019Q3/sysutils/usermin/distinfo branches/2019Q3/sysutils/usermin/pkg-plist branches/2019Q3/sysutils/webmin/Makefile branches/2019Q3/sysutils/webmin/distinfo branches/2019Q3/sysutils/webmin/pkg-plist |