« previous next »
Pages: [1]

Author Topic: Update your webmin/virtualmin  (Read 1389 times)

BoL

  • Inner Core
  • Hero Member
  • *
  • Posts: 1208
    • View Profile
Update your webmin/virtualmin
« on: May 26, 2016, 11:18:55 AM »
Quote
There's a security bug in Authentic Theme shipped with Webmin devel versions 1.794 and 1.795; if you use any other theme, you're not vulnerable; and if you're running a non-devel version (1.790) you're not vulnerable. We'd audited Authentic for security issues before adding it to the default Webmin package a few months ago, but a new feature got added to the theme recently without proper code review.

https://www.lowendtalk.com/discussion/comment/1704132/#Comment_1704132

Since it's the kind of bug that could end up getting your entire server owned, best patch it if it applies to you.

Apparently it's being used in the wild and the devs have just been brought up to speed on it.
Logged

ergophobe

  • Inner Core
  • Hero Member
  • *
  • Posts: 9292
    • View Profile
Re: Update your webmin/virtualmin
« Reply #1 on: May 26, 2016, 04:52:27 PM »
Thanks for the alert.

I'm in the clear on this one, but good to know.

I have wondered about automatically running apt-get update and apt-get dist-upgrade daily (I know there are other ways to do this as a cron job, but effectively doing so, by whatever means).

As I found out a few years ago, in general it's better to have automatic updates crash your system than to have a lack of updates lead to an infected server.
Logged
Pages: [1]
« previous next »