Kwiintsuku ezithile ezidlulileyo Inguqulelo entsha yeWebmin yakhutshwa ukuze kuncitshiswe ubungozi obuchongwe njengangaphandle (CVE-2019-15107), efumaneka kwiinguqulelo ezisemthethweni zeprojekthi, esasazwa kwiSourceforge.
Indawo engaphandle efumanekayo yayikhona kwiinguqulelo ezisusela kowe-1.882 ukuya kowe-1.921 kubandakanya (bekungekho khowudi inegumbi elingaphandle kwindawo yokugcina izinto ze-git) kwaye uvunyelwe ukwenza imiyalelo yeqokobhe elingenakuphikiswa kwinkqubo yeengcambu ezikude kude ngaphandle kokungqinisisa.
Malunga neWebmin
Kulabo abangazi ngeWebmin kufuneka bayazi loo nto Le yiphaneli yokulawula esekwe kwiwebhu yokulawula iinkqubo zeLinux. Inika ujongano olunomdla nolusebenzisekayo ukulawula iserver yakho. Iinguqulelo zamva nje zeWebmin zinokufakwa kwaye ziqhutywe kwiinkqubo zeWindows.
NgeWebmin, ungatshintsha useto lweephakeji kubhabho, kubandakanya iiseva zewebhu kunye noovimba beenkcukacha, kunye nokulawula abasebenzisi, amaqela kunye neephakeji zesoftware.
IWebmin ivumela umsebenzisi ukuba abone iinkqubo ezisebenzayo, kunye neenkcukacha malunga neephakeji ezifakiweyo, lawula iifayile zenkqubo yokungena, hlela iifayile zoqwalaselo lwenethiwekhi, yongeza imigaqo ye-firewall, qwalasela indawo yexesha kunye newotshi yenkqubo, yongeza iiprinta ngeCUPS, uluhlu olufakelwe iimodyuli zePerl, qwalasela i-SSH okanye iServer DHCP, kunye nomphathi werekhodi we-DNS.
IWebmin 1.930 ifika ishenxisa umnyango wangaphandle
Inguqulelo entsha yeWebmin yenguqulo 1.930 yakhutshwa ukujongana nokuba semngciphekweni wokuphunyezwa kwekhowudi. Obu bungozi bukhona esidlangalaleni ngokuxhaphaza iimodyuli, yintoni ibeka iinkqubo ezininzi zolawulo lwe-UNIX emngciphekweni.
Iingcebiso ngezokhuseleko zibonisa ukuba inguqulelo eyi-1.890 (CVE-2019-15231) isemngciphekweni kuqwalaselo olungagqibekanga, ngelixa ezinye iinguqulelo ezichaphazelekayo zifuna ukhetho "lokutshintsha igama lomsebenzisi".
Malunga nokuba sesichengeni
Umhlaseli angathumela isicelo esibi se-http kwiphepha lesicelo sokusetha kwakhona iphasiwedi ukujova ikhowudi kwaye uthathe isicelo sewebhu sewebhu. Ngokwengxelo yokuba semngciphekweni, uhlaselo aludingi gama lomsebenzisi okanye ipaswedi ukusebenzisa eli phutha.
Ubukho beli phawu kuthetha ukuba eObu bungozi bunokubakho kwiWebmin ukusukela ngoJulayi 2018.
Uhlaselo lufuna ubukho bezibuko ezivulekileyo zenethiwekhi kunye neWebmin kunye nomsebenzi kwi-web interface yomsebenzi ukutshintsha iphasiwedi ephelelwe lixesha (ngokungagqibekanga yenziwe ukuba yakhiwe ngo-1.890, kodwa ikhubazekile kwezinye iinguqulelo).
Ingxaki yalungiswa kuhlaziyo lwe-1.930.
Ingxaki yafunyanwa kwi-password_change.cgi script, apho umsebenzi we-unix_crypt usetyenziselwa ukuqinisekisa iphasiwedi endala efakwe kwifom yewebhu, ethumela iphasiwedi efunyenwe kumsebenzisi ngaphandle kokubaleka abalinganiswa abakhethekileyo
Kwindawo yokugcina izinto ze-git, lo msebenzi unxibelelwano kwimodyuli ye-Crypt :: UnixCrypt kwaye ayisiyongozi, kodwa kwifayile yomthombo obonelelwe ngekhowudi, ikhowudi ibizwa ngokuba ingena ngqo / njl / isithunzi, kodwa yenza njalo ngeqokobhe lokwakha.
Ukuhlasela, bonisa nje uphawu «|» ebaleni ngegama eligqithisiweyo elidala kwaye le khowudi ilandelayo iya kusebenza kunye neengcambu amalungelo kwiseva.
Ngokwengxelo evela kubaphuhlisi beWebmin, ikhowudi enobungozi ithathe indawo yesiphumo sengozi yeziseko zophuhliso.
Iinkcukacha kusafuneka zibhengezwe, ke ayicacanga into yokuba utyando lwalunqunyelwe kulawulo lweakhawunti eSourceforge okanye ukuba luchaphazele ezinye izinto kwindibano yeWebmin kunye nakwiziseko zophuhliso.
Umcimbi uchaphazele ne-Usermin eyakhayo. Okwangoku zonke iifayile zokuqalisa zakhiwe kwakhona kwi-Git.