This website is deprecated, and remains online only for historic access to old issues and docs for historic versions of Virtualmin. It has been unmaintained for several years, and should not be relied on for up-to-date information. Please visit www.virtualmin.com instead.

Webmin version 1.710 released

1 post / 0 new

Topic locked

#1 Tue, 09/30/2014 - 11:56

Joe

Webmin version 1.710 released

Howdy all,

I've just rolled out version 1.710 of Webmin to all repos. Some of our repos have been (intentionally) trailing behind on the Webmin release, so some repos are coming up from 1.690 (there was an annoying bug in 1.700, so we skipped it for some repos, and put 1.701 into some repos). But, this release was rushed out to help mitigate the bash shellshock exploit.

In a system with an exploitable bash version, Webmin could, theoretically (I don't know of any exploits in the wild, but it's probably only a matter of time) be used to provide privilege escalation to root for attackers who had already obtained user level access via other vectors, such as an attack through Apache or Postfix.

In short, updating bash is vastly more important than updating Webmin, but since bash wasn't historically in our list of updates to list in the front page, this may help prevent a serious problem from becoming even more serious. We've rolled out a new security-updates package, as well, to help insure all Virtualmin users have updated their bash package.

Changes since 1.690:

Support for CentOS 7, RHEL 7 and related distributions in all modules.
More German translation updates thanks to Raymond Vetter, and Catalan from Jaume Badiella.
Quotas on XFS filesystems on Linux can now be edited.
The Network Configuration module now supports the "ip" commmand if "ifconfig" is not installed.
Completely re-wrote the UI for the NFS Exports module to use the standard Webmin UI library, simplify selection of NFS v3 and v4 modes, and support more security types.
Added support for nslcd to the LDAP Client module, as seen on CentOS 6 and above.

Changes since 1.700:

Added additional protection against the Shellshock bug, for systems where bash is still vulnerable.
Added the iSCSI TGTd module, for configuring the iSCSI server seen on CentOS and Redhat Enterprise 6 and above.
More German translation updates thanks to Raymond Vetter, and Catalan from Jaume Badiella.
Added support for the FreeBSD pkgng binary package repository as an alternative to ports.

As always, let us know if you run into any problems.