Bug 14138

Summary: [CVE 21] webmin 2.001 CVEs
Product: [ROSA-based products] ROSA Fresh
Reporter: Vladimir Potapov <v.potapov>
Component: Packages from Main
Assignee: ROSA Linux Bugs <bugs>
Status: VERIFIED FIXED
QA Contact: ROSA Linux Bugs <bugs>
Severity: blocker
Priority: Highest
CC: a.proklov, e.malashin, s.matveev, survolog
Version: All
Flags: v.potapov: qa_verified+
v.potapov: secteam_verified?
a.proklov: published+
Target Milestone: 2021.1 Fresh R12   
Hardware: All   
OS: Linux   
URL: CVE-2022-3844,CVE-2023-43309
Whiteboard:
Platform: 2021.1
ROSA Vulnerability identifier:
RPM Package:
ISO-related:
Bad POT generating:
Upstream:

Description Vladimir Potapov 2023-12-08 13:38:37 MSK
https://nvd.nist.gov/vuln/detail/CVE-2022-3844 medium
Comment 1 Grigorev Andrey 2023-12-08 14:51:38 MSK
Tarball from link https://sourceforge.net/projects/webadmin/files/webmin/2.001/webmin-2.001.tar.gz
It does not contain xterm directory where the vulnerability was found.
Comment 2 Vladimir Potapov 2024-01-12 17:06:27 MSK
https://nvd.nist.gov/vuln/detail/CVE-2023-43309 Exploit!

Maybe we should just do a minor version bump?
Comment 3 Svyatoslav Matveev 2024-01-17 17:02:34 MSK
********** QA ADVISORY **********

Update of webmin to the latest version,
which closes all the vulnerabilities.

*** webmin
**  upd: 2.001 .. 2.105

https://abf.io/build_lists/4956885
https://abf.io/build_lists/4956886
https://abf.io/build_lists/4956887
https://abf.io/build_lists/4956888
https://abf.io/build_lists/4956889

**  rosa2021.15
*** webmin
**  upd: 2.001 .. 2.105

https://abf.io/build_lists/4956890
https://abf.io/build_lists/4956891
https://abf.io/build_lists/4956892
Comment 4 e.malashin@rosalinux.ru 2024-01-17 19:07:13 MSK
The update was sent to testing
Comment 5 Vladimir Potapov 2024-01-23 10:26:37 MSK
webmin-2.105-1
https://abf.io/build_lists/4956885
https://abf.io/build_lists/4956886
https://abf.io/build_lists/4956887
https://abf.io/build_lists/4956888
https://abf.io/build_lists/4956889
****************************** Advisory *****************************
Up to 3.105 with CVEs fix
*********************************************************************
QA Verified