[prev in list] [next in list] [prev in thread] [next in thread]
List: webmin-l
Subject: Re: [webmin-l] Webmin 1.620 and Usermin 1.540 released
From: "Jamie Cameron" <jcameron () webmin ! com>
Date: 2013-03-12 14:28:32
Message-ID: 1363098512.559 () webmin ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Hi Fajar,
Are you running OpenSSL version 1.0.1 or later? Only those versions support
the new option to properly disable SSL compression.
On 12/Mar/2013 03:53 Fajar Priyanto <fajarpri@arinet.org> wrote ..
Hi Jamie,
I've upgraded from Webmin 1.580-1 to 1.620-1, hoping that "CRIME/TLS" attack
would be resolved. So, I tick mark "Allow compressed SSL connections?" to
no.
And restart webmin.
But after scanning it with Nessus, it still says that Webmin has that
vulnerability. I'm running webmin on Centos 5.8.
Is there something that I miss? Some log files I can see what's going on?
Thank you.
On Thu, Feb 7, 2013 at 9:42 AM, Jamie Cameron <[1]jcameron@webmin.com>
wrote:
Hi everyone,
Webmin version 1.620 is now available for download from
[2]http://www.webmin.com/ . This release includes the following
major changes :
* Norwegian updates, thanks to Stein-Aksel Basma, Catalan updates,
thanks to Jaume Badiella, German translation updates, thanks
to Raymond Vetter, and Polish translation updates from Piotr Kozica.
* Fixed an XSS attack in miniserv error messages, and added an option
to disable SSL compression to defeat the BEAST attack.
* Bridges not connected to any interface can be created in the Network
Configuration module.
* Webmin scheduled functions can now be viewed and run in the Webmin
Configuration module. Also fixed a problem in which a long-running
function could prevent Webmin from restarting.
* Init scripts that hang forever when asked for their status will no
longer hang the UI in the Bootup and Shutdown module.
* Added a form in the Webmin Configuration module for testing mail server
settings.
* Added BTRFS support to the Disk and Network Filesystems module, and
removed
some obsolete filesystems.
* Improved support for FreeBSD 9 and 10 in the Apache and filesystems
modules.
* Support for custom quota files in the Disk Quotas module.
* Handle the case where the root filesystem is on /dev/root (as seen on
CentOS
5.9) in the Disk Quotas module.
* Added links from the System Information page to relevant modules, and a
display
of CPU and drive temperatures.
* Improved detection of in-use ports when changing the Webmin port.
* Added XZ compression format support in the Filesystem Backup module.
* The LDAP attribute userPassword for users and groups is no longer
set if not needed.
Also available is Usermin 1.540, which includes the same translation
updates.
As always, please send me any bug reports or feature suggestions that
you might have.
- Jamie
--------------------------------------------------------------------------
----
Free Next-Gen Firewall Hardware Offer
Buy your Sophos next-gen firewall before the end March 2013
and get the hardware for free! Learn more.
[3]http://p.sf.net/sfu/sophos-d2d-feb
-
Forwarded by the Webmin mailing list at
[4]webadmin-list@lists.sourceforge.net
To remove yourself from this list, go to
[5]http://lists.sourceforge.net/lists/listinfo/webadmin-list
--
To dream and to write ^^
[6]http://mars.arinet.org
1. file://localhost/home/webmail/homes/jcameron/.tmp/reply_mail.cgi?new=1&to=jcameron%40webmin%2Ecom
4. file://localhost/home/webmail/homes/jcameron/.tmp/reply_mail.cgi?new=1&to=webadmin%2Dlist%40lists%2Esourceforge%2Enet
[Attachment #5 (text/html)]
<p>Hi Fajar,<br /><br />Are you running OpenSSL version 1.0.1 or later? Only those \
versions support the new option to properly disable SSL compression. </p> <p>On \
12/Mar/2013 03:53 Fajar Priyanto <fajarpri@arinet.org> wrote .. </p>
<blockquote type="cite">
<div dir="ltr">Hi Jamie,
<div>I've upgraded from Webmin 1.580-1 to 1.620-1, hoping that \
"CRIME/TLS" attack would be resolved. So, I tick mark "<strong \
style="font-size: 13px; color: #333333; font-family: sans-serif; background-color: \
#efefef;">Allow compressed SSL connections?" to no.</strong></div> <div>And \
restart webmin.</div> <div><br /></div>
<div>But after scanning it with Nessus, it still says that Webmin has that \
vulnerability. I'm running webmin on Centos 5.8.</div>
<div>Is there something that I miss? Some log files I can see what's going \
on?</div> <div>Thank you.</div>
</div>
<div class="gmail_extra"><br /><br />
<div class="gmail_quote">On Thu, Feb 7, 2013 at 9:42 AM, Jamie Cameron <span \
dir="ltr"><<a href="reply_mail.cgi?new=1&to=jcameron%40webmin%2Ecom" \
target="_blank">jcameron@webmin.com</a>></span> wrote:<br /> <blockquote \
class="gmail_quote" style="margin: 0px 0px 0px 0.8ex; border-left-width: 1px; \
border-left-color: #cccccc; border-left-style: solid; padding-left: 1ex;">Hi \
everyone,<br /> <br /> Webmin version 1.620 is now available for download from<br /> \
<a href="http://www.webmin.com/" target="_blank">http://www.webmin.com/</a> . This \
release includes the following<br /> major changes :<br /> <br />
* Norwegian updates, thanks to Stein-Aksel Basma, Catalan updates,<br />
thanks to Jaume Badiella, German translation updates, thanks<br />
to Raymond Vetter, and Polish translation updates from Piotr Kozica.<br \
/> <br /> * Fixed an XSS attack in miniserv error messages, and added an \
option<br /> to disable SSL compression to defeat the BEAST attack.<br \
/> <br /> * Bridges not connected to any interface can be created in the \
Network<br /> Configuration module.<br /> <br />
* Webmin scheduled functions can now be viewed and run in the Webmin<br />
Configuration module. Also fixed a problem in which a long-running<br />
function could prevent Webmin from restarting.<br /> <br />
* Init scripts that hang forever when asked for their status will no<br />
longer hang the UI in the Bootup and Shutdown module.<br /> <br />
* Added a form in the Webmin Configuration module for testing mail server<br />
settings.<br /> <br />
* Added BTRFS support to the Disk and Network Filesystems module, and \
removed<br /> some obsolete filesystems.<br /> <br />
* Improved support for FreeBSD 9 and 10 in the Apache and filesystems \
modules.<br /> <br /> * Support for custom quota files in the Disk Quotas \
module.<br /> <br /> * Handle the case where the root filesystem is on \
/dev/root (as seen on CentOS<br /> 5.9) in the Disk Quotas module.<br /> \
<br /> * Added links from the System Information page to relevant modules, and \
a display<br /> of CPU and drive temperatures.<br /> <br />
* Improved detection of in-use ports when changing the Webmin port.<br /> <br \
/> * Added XZ compression format support in the Filesystem Backup module.<br /> \
<br /> * The LDAP attribute userPassword for users and groups is no longer<br \
/> set if not needed.<br /> <br />
Also available is Usermin 1.540, which includes the same translation<br />
updates.<br /> <br />
As always, please send me any bug reports or feature suggestions that<br />
you might have.<br /> <br />
- Jamie<br /> <br />
------------------------------------------------------------------------------<br />
Free Next-Gen Firewall Hardware Offer<br />
Buy your Sophos next-gen firewall before the end March 2013<br />
and get the hardware for free! Learn more.<br /> <a \
href="http://p.sf.net/sfu/sophos-d2d-feb" \
target="_blank">http://p.sf.net/sfu/sophos-d2d-feb</a><br />
-<br />
Forwarded by the Webmin mailing list at <a \
href="reply_mail.cgi?new=1&to=webadmin%2Dlist%40lists%2Esourceforge%2Enet">webadmin-list@lists.sourceforge.net</a><br \
/> To remove yourself from this list, go to<br /> <a \
href="http://lists.sourceforge.net/lists/listinfo/webadmin-list" \
target="_blank">http://lists.sourceforge.net/lists/listinfo/webadmin-list</a><br /> \
</blockquote> </div><br /><br clear="all" />
<div><br /></div>-- <br />To dream and to write ^^<br /><a \
href="http://mars.arinet.org" target="_blank">http://mars.arinet.org</a> </div>
</blockquote><br />
------------------------------------------------------------------------------
Symantec Endpoint Protection 12 positioned as A LEADER in The Forrester
Wave(TM): Endpoint Security, Q1 2013 and "remains a good choice" in the
endpoint security space. For insight on selecting the right partner to
tackle endpoint security challenges, access the full report.
http://p.sf.net/sfu/symantec-dev2dev
-
Forwarded by the Webmin mailing list at webadmin-list@lists.sourceforge.net
To remove yourself from this list, go to
http://lists.sourceforge.net/lists/listinfo/webadmin-list
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic