Webmin version 1.810 released

6 posts / 0 new
Last post
#1 Wed, 08/10/2016 - 01:39
Joe
Joe's picture

Webmin version 1.810 released

Howdy all,

I've just rolled out version 1.810 of Webmin to all repositories.

Changes since 1.801:

  • Fixed a security bug in the new Authentic theme that could be exploited by non-root Webmin users.
  • Added the Linux IPv6 Firewall module, contributed by Patrick Wahle.
  • Added an option to the Webmin Configuration logging page for sending Webmin action log messages via email.
  • Failed Webmin logins are now recorded and displayed in the actions log.
  • More German, Norwegian and Catalan translation updates.

As we mentioned with the last Webmin release, we've been performing a somewhat extensive security audit of Authentic Theme, which did reveal a privilege escalation bug that has now been fixed. I'll write up the details of that bug in a day or two. It requires a valid Webmin login and a specially crafted request to exploit the bug (and no known exploits exist in the wild). Ilia took time out from his birthday celebrations to help us get this issue resolved quickly once I discovered it, so thanks to Ilia for his quick action on getting the new version of Authentic out!

It is strongly recommended you upgrade immediately to the latest version. If you cannot update immediately, disable Authentic Theme for all untrusted users (note that merely switching the root user theme or system default theme to another theme is insufficient to prevent exploitation; if switching to Authentic Theme is available to untrusted users, it is exploitable).

If you run into any problems with the new version, let us know.

Cheers,

Joe

Wed, 08/10/2016 - 07:44
Diabolico
Diabolico's picture

Update was ok but at the end there was a lot of errors based on authentic theme.

Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: it.centos.contactlab.it
* extras: it.centos.contactlab.it
* updates: it.centos.contactlab.it
Resolving Dependencies
--> Running transaction check
---> Package webmin.noarch 0:1.801-1 will be updated
---> Package webmin.noarch 0:1.810-1 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
Package       Arch          Version          Repository                   Size
================================================================================
Updating:
webmin        noarch        1.810-1          virtualmin-universal         27 M

Transaction Summary
================================================================================
Upgrade  1 Package

Total download size: 27 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Updating   : webmin-1.810-1.noarch                                        1/2
Webmin install complete. You can now login to https://jenkins.cunicellus.com:11045/
as root with your root password.
  Cleanup    : webmin-1.801-1.noarch                                        2/2
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/tinymce.min.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/themes/modern/theme.min.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/themes/modern: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/themes: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/skins/lightgray/skin.min.css: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/skins/lightgray/skin.ie7.min.css: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/skins/lightgray/img/trans.gif: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/skins/lightgray/img/object.gif: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/skins/lightgray/img/loader.gif: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/skins/lightgray/img/anchor.gif: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/skins/lightgray/img: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/skins/lightgray/fonts/tinymce.woff: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/skins/lightgray/fonts/tinymce.ttf: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/skins/lightgray/fonts/tinymce.svg: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/skins/lightgray/fonts/tinymce.eot: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/skins/lightgray/fonts/tinymce-small.woff: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/skins/lightgray/fonts/tinymce-small.ttf: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/skins/lightgray/fonts/tinymce-small.svg: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/skins/lightgray/fonts/tinymce-small.eot: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/skins/lightgray/fonts: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/skins/lightgray/content.min.css: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/skins/lightgray/content.inline.min.css: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/skins/lightgray: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/skins: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/wordcount/plugin.min.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/wordcount: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/visualchars/plugin.min.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/visualchars: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/visualblocks/plugin.min.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/visualblocks/css/visualblocks.css: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/visualblocks/css: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/visualblocks: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/textpattern/plugin.min.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/textpattern: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/textcolor/plugin.min.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/textcolor: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/template/plugin.min.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/template: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/table/plugin.min.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/table: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/tabfocus/plugin.min.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/tabfocus: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/spellchecker/plugin.min.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/spellchecker: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/searchreplace/plugin.min.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/searchreplace: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/save/plugin.min.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/save: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/print/plugin.min.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/print: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/preview/plugin.min.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/preview: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/paste/plugin.min.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/paste: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/pagebreak/plugin.min.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/pagebreak: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/noneditable/plugin.min.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/noneditable: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/nonbreaking/plugin.min.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/nonbreaking: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/media/plugin.min.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/media/moxieplayer.swf: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/media: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/lists/plugin.min.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/lists: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/link/plugin.min.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/link: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/legacyoutput/plugin.min.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/legacyoutput: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/layer/plugin.min.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/layer: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/insertdatetime/plugin.min.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/insertdatetime: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/importcss/plugin.min.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/importcss: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/image/plugin.min.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/image: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/hr/plugin.min.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/hr: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/fullscreen/plugin.min.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/fullscreen: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/fullpage/plugin.min.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/fullpage: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/example_dependency/plugin.min.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/example_dependency: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/example/plugin.min.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/example/dialog.html: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/example: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/emoticons/plugin.min.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/emoticons/img/smiley-yell.gif: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/emoticons/img/smiley-wink.gif: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/emoticons/img/smiley-undecided.gif: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/emoticons/img/smiley-tongue-out.gif: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/emoticons/img/smiley-surprised.gif: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/emoticons/img/smiley-smile.gif: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/emoticons/img/smiley-sealed.gif: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/emoticons/img/smiley-money-mouth.gif: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/emoticons/img/smiley-laughing.gif: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/emoticons/img/smiley-kiss.gif: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/emoticons/img/smiley-innocent.gif: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/emoticons/img/smiley-frown.gif: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/emoticons/img/smiley-foot-in-mouth.gif: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/emoticons/img/smiley-embarassed.gif: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/emoticons/img/smiley-cry.gif: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/emoticons/img/smiley-cool.gif: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/emoticons/img: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/emoticons: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/directionality/plugin.min.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/directionality: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/contextmenu/plugin.min.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/contextmenu: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/colorpicker/plugin.min.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/colorpicker: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/code/plugin.min.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/code: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/charmap/plugin.min.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/charmap: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/bbcode/plugin.min.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/bbcode: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/autosave/plugin.min.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/autosave: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/autoresize/plugin.min.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/autoresize: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/autolink/plugin.min.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/autolink: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/anchor/plugin.min.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/anchor: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/advlist/plugin.min.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins/advlist: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/plugins: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/license.txt: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/langs/zh.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/langs/ru.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/langs/ro.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/langs/pt.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/langs/pl.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/langs/no.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/langs/nl.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/langs/it.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/langs/fr.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/langs/es.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/langs/de.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/langs/da.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce/langs: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/tinymce: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/js/package.min.js: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/fonts/roboto/vxNK-E6B13CyehuDCmvQvw.woff: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/fonts/roboto/tZdhd9Zzj0I2MwoD56osIw.woff2: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/fonts/roboto/owYYXKukxFDFjr0ZO8NXhz8E0i7KZn-EPnyo3HZu7kw.woff: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/fonts/roboto/owYYXKukxFDFjr0ZO8NXh1tXRa8TVwTICgirnJhmVJw.woff2: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/fonts/roboto/iE8HhaRzdhPxC93dOdA05z8E0i7KZn-EPnyo3HZu7kw.woff: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/fonts/roboto/iE8HhaRzdhPxC93dOdA051tXRa8TVwTICgirnJhmVJw.woff2: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/fonts/roboto/grlryt2bdKIyfMSOhzd1eA.woff: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/fonts/roboto/daIfzbEw-lbjMyv4rMUUTltXRa8TVwTICgirnJhmVJw.woff2: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/fonts/roboto/daIfzbEw-lbjMyv4rMUUTj8E0i7KZn-EPnyo3HZu7kw.woff: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/fonts/roboto/d-QWLnp4didxos_6urzFtg.woff: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/fonts/roboto/biUEjW7P-lfzIZFXrcy-wQ.woff: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/fonts/roboto/bHb1QXRvBr78bu2XNI1xvw.woff2: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/fonts/roboto/b9PWBSMHrT2zM5FgUdtu0VtXRa8TVwTICgirnJhmVJw.woff2: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/fonts/roboto/b9PWBSMHrT2zM5FgUdtu0T8E0i7KZn-EPnyo3HZu7kw.woff: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/fonts/roboto/UbXx3E_TVHvOc89N28P2jA.woff2: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/fonts/roboto/Op9nD2u96-RO01_6Io91EA.woff2: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/fonts/roboto/N5Lbe1fynPA1KT8BFvAiGw.woff2: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/fonts/roboto/El-bgsteBznJNL5pgUfFLA.woff2: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/fonts/roboto/7KXg6nyyqN8gyMoNwQ7aOQ.woff: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/fonts/roboto/1_sFLBJZ_MiiGcnkjN_Mgg.woff: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/fonts/roboto: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/fonts/jsglyph.woff2: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/fonts/jsglyph.woff: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/fonts/jsglyph.ttf: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/fonts/jsglyph.svg: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/fonts/jsglyph.eot: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/fonts/fontawesome-webfont.woff2: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/fonts/fontawesome-webfont.woff: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/fonts/fontawesome-webfont.ttf: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/fonts/fontawesome-webfont.svg: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/fonts/fontawesome-webfont.eot: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/fonts/FontAwesome.otf: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/fonts: remove failed: No such file or directory
warning: file /usr/libexec/webmin/authentic-theme/unauthenticated/css/package.min.css: remove failed: No such file or directory
  Verifying  : webmin-1.810-1.noarch                                        1/2
  Verifying  : webmin-1.801-1.noarch                                        2/2

  webmin.noarch 0:1.810-1                                                      

Complete!

If you tested this and its supposed to happen then you should point that out and not just silently leave to us to wonder if the update was ok or not. Please raise up the level of your communication when it comes to software updates.

- I often come to the conclusion that my brain has too many tabs open. -
Failing at desktop publishing & graphic design since 1994.

Wed, 08/10/2016 - 12:57 (Reply to #2)
Joe
Joe's picture

That happens if Authentic has been updated outside of yum/rpm; e.g. via the in-built Authentic update functionality. There was a restructuring of the assets in version 18.x, and the last Webmin shipped with 17.84 (with security patch).

For systems that have only been updated via yum/RPM, these errors won't happen, as the files will all be where RPM expects them to be. The errors are harmless, but I can see how they might seem alarming. I don't really like updates happening outside of yum (the system package manager provides tools to validate a package, sign a package, etc., whereas just grabbing a tarball from the web does not); and we'd disabled automated updates in Authentic for a while because of that, but since Authentic has been moving so much faster than Webmin releases, we re-enabled the feature for a while. Eventually, Authentic won't be changing so much, and it'll stop getting frequent in-between release updates, and we'll likely disable (or at least hide) the update mechanism again.

If you want to not have this kind of error, don't update Authentic outside of yum/RPM (since it is part of Webmin, you'd get new updates whenever a new Webmin release rolls out, and not the in-between updates). This would mean new stuff going into Authentic might take a month or two or three to get to you, however, since we only do Webmin releases every 2-3 months, on average.

--

Check out the forum guidelines!

Wed, 08/10/2016 - 18:01
aaronstpierre

Hi Joe,

Sorry to belabor this point but I really think it needs to be said. First I'm a happy virtualmin customer and have been for years. I think it's truly amazing the work you guys are doing with such a small team. With that being said something has to be done about the communication of security issues.

Because of the last authentic theme issue I was forced to disable access to webmin/virtualmin. It's possible to do that in my environment so I guess it doesn't mean much coming from me but I'm sure it's not possible in a lot of environments. I'm not saying that I don't have a lot of virtualhosts but I tend to do the management for my clients.

Recently there was a security issue with WHMCS. To that end I got an email from then saying "We found a security issue please update". When I got the email I stopped what I was doing and applied the patch.

I just happened to check for updates today and noticed the new webmin update (I was out of the office for most of the day). Anyway I immediately came here and looked to see:

  • Fixed a security bug in the new Authentic theme that could be exploited by non-root Webmin users.

I realize this doesn't affect me but I also don't want insecure code running on my servers. As a customer I really feel this warrants an email so that we can update right away. I also realize that my being out of the office there would have been nothing I could do about such email but it shows that you are trying to inform me because I've purchased software from you.

Again I'm not trying to add insult to injury here but it just doesn't seem right that I have to come to the news forum to find out about security updates. I really think it's the responsibility of the vendor to fix the issue (which you have done) and the important part is to inform the consumer. The latter is the part that I think is missing here and as a customer I'd really love to see that addressed!

Thank you guys for everything not trying to be an a** here just voice my concerns!

Wed, 08/10/2016 - 21:31 (Reply to #4)
Joe
Joe's picture

You're right.

We have a Webmin announcement mailing list, which has been around forever, but for some reason this release and the last haven't been announced there (I don't know why, I've pinged Jamie about that; I think it's supposed to be automatic as part of his Webmin release process, but it doesn't seem to be working now, maybe due to changes at sourceforge). That list is here: https://sourceforge.net/p/webadmin/mailman/webadmin-announce/

We probably need such a mailing list just for Virtualmin (and we used to have one, like ten years ago, but then we got forum notifications working nicely and retired it, but now notifications are crap again). I'll get that setup by the time of our next release. I don't really want to host mailman lists ourselves, but I guess we need to, as I don't really want to put more on sourceforge, and github doesn't do mailing lists. Maybe it should just be a phplist or something similar, since we don't want replies for an announce list.

Anyway, it's been so long since we've had serious security issues (before the big Authentic issue in pre-1.801 releases) in Virtualmin/Webmin that we've gotten lax, and that's a problem we're working on.

Edit: Actually, it sounds like you think we should email everyone who has a license, which is also probably do-able. We're serious about not harassing people with email when they haven't explicitly asked for it, though, so that has never crossed my mind. But, for security issues, it does make sense. I'll see if I can figure out how to do that.

--

Check out the forum guidelines!

Wed, 08/10/2016 - 22:19
aaronstpierre

Hi Joe,

Thank you! I think a mailing list would be great, but I also understand that dealing with it and managing it is no fun either :). Personally I don't want to take you guys away from what you do best so my suggestion isn't to create more work just a simple way to keep us informed about critical issues.

Honestly I don't want to section out GPL people since they could potentially be affected by it as well but I guess that's another discussion :). Personally I look at it as I've bought software & updates from you guys so in some way or another I've given you permission to communicate with me. Believe me I love that you guys don't pester me with emails but if you did I'd only request that you'd provide a way out of the ones I don't want.

I don't have that many customers but I have enough for me and one time I forgot to BCC everyone. It's the first time in a 20+ year career I screwed up (in that way ugh). That was when I switched to using mailchimp for customer updates. It basically ensures, for me, I won't do something like that again. I don't use any of their fancy features and keep my emails plain text but I find it to be a great way to communicate with my clients. Again may not be a solution since you'd probably have to go on the paid plan because of the number of customers you have but just an idea.

I'm happy to help in anyway I can so please let me know & thanks again!

Topic locked