Hi Jamie,
I've upgraded from Webmin 1.580-1 to 1.620-1, hoping that "CRIME/TLS" attack would be resolved. So, I tick mark "Allow compressed SSL connections?" to no.
And restart webmin.

But after scanning it with Nessus, it still says that Webmin has that vulnerability. I'm running webmin on Centos 5.8.
Is there something that I miss? Some log files I can see what's going on?
Thank you.


On Thu, Feb 7, 2013 at 9:42 AM, Jamie Cameron <jcameron@webmin.com> wrote:
Hi everyone,

Webmin version 1.620 is now available for download from
http://www.webmin.com/ . This release includes the following
major changes :

 * Norwegian updates, thanks to Stein-Aksel Basma, Catalan updates,
   thanks to Jaume Badiella, German translation updates, thanks
   to Raymond Vetter, and Polish translation updates from Piotr Kozica.

 * Fixed an XSS attack in miniserv error messages, and added an option
   to disable SSL compression to defeat the BEAST attack.

 * Bridges not connected to any interface can be created in the Network
   Configuration module.

 * Webmin scheduled functions can now be viewed and run in the Webmin
   Configuration module. Also fixed a problem in which a long-running
   function could prevent Webmin from restarting.

 * Init scripts that hang forever when asked for their status will no
   longer hang the UI in the Bootup and Shutdown module.

 * Added a form in the Webmin Configuration module for testing mail server
   settings.

 * Added BTRFS support to the Disk and Network Filesystems module, and removed
   some obsolete filesystems.

 * Improved support for FreeBSD 9 and 10 in the Apache and filesystems modules.

 * Support for custom quota files in the Disk Quotas module.

 * Handle the case where the root filesystem is on /dev/root (as seen on CentOS
   5.9) in the Disk Quotas module.

 * Added links from the System Information page to relevant modules, and a display
   of CPU and drive temperatures.

 * Improved detection of in-use ports when changing the Webmin port.

 * Added XZ compression format support in the Filesystem Backup module.

 * The LDAP attribute userPassword for users and groups is no longer
   set if not needed.

Also available is Usermin 1.540, which includes the same translation
updates.

As always, please send me any bug reports or feature suggestions that
you might have.

 - Jamie

------------------------------------------------------------------------------
Free Next-Gen Firewall Hardware Offer
Buy your Sophos next-gen firewall before the end March 2013
and get the hardware for free! Learn more.
http://p.sf.net/sfu/sophos-d2d-feb
-
Forwarded by the Webmin mailing list at webadmin-list@lists.sourceforge.net
To remove yourself from this list, go to
http://lists.sourceforge.net/lists/listinfo/webadmin-list



--
To dream and to write ^^
http://mars.arinet.org