[debug]

New webmin packages fix multiple vulnerabilities

-----------------------------------------------------------------
Debian Security Advisory DSA 526-1 security@debian.org
http://www.debian.org/security/ Matt Zimmerman
July 3rd, 2004 http://www.debian.org/security/fa-----------------------------------------------------------------

Package : webmin
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE Ids : CAN-2004-0582 CAN-2004-0583

Two vulnerabilities were discovered in webmin:

CAN-2004-0582: Unknown vulnerability in Webmin 1.140 allows remote attackers to bypass access control rules and gain read access to configuration information for a module.

CAN-2004-0583: The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords.

For the current stable distribution (woody), these problems have been fixed in version 0.94-7woody2.

For the unstable distribution (sid), these problems have been fixed in version 1.150-1.

We recommend that you update your webmin package.

Upgrade Instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
will update the internal database apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- --------------------------------