Advisories » MGASA-2015-0344

Updated webmin packages fix CVE-2015-1990

Publication date: 08 Sep 2015
Modification date: 08 Sep 2015
Type: security
Affected Mageia releases : 4 , 5
CVE: CVE-2015-1990

Description

Updated webmin package fixes security vulnerability:

A malicious website could create links or Javascript referencing the xmlrpc.cgi
script, triggered when a user logged into Webmin visits the attacking site
(CVE-2015-1990).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=16168
• http://www.webmin.com/changes.html
• http://www.webmin.com/security.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1990

SRPMS

4/core

• webmin-1.760-1.mga4

5/core

• webmin-1.760-1.mga5