United States : 
Unknown Browser
www.ltdw.net 
Articles Sécurité Mandriva Security [Security Announce] [ MDVSA-2009:115 ] phpMyAdmin
Articles Sécurité Mandriva Security [Security Announce] [ MDVSA-2009:115 ] phpMyAdmin
| [Security Announce] [ MDVSA-2009:115 ] phpMyAdmin |
 |
 |
 |
(0 Votes)| Écrit par Administrator |
| Lundi, 18 Mai 2009 20:27 |
|
_______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:115 http://www.mandriva.com/security/ _______________________________________________________________________ Package : phpMyAdmin Date : May 18, 2009 Affected: Corporate 4.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities has been identified and corrected in phpMyAdmin: Multiple cross-site scripting (XSS) vulnerabilities in the export page (display_export.lib.php) in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pma_db_filename_template cookie (CVE-2009-1150). Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action (CVE-2009-1151). This update provides phpMyAdmin 2.11.9.5, which is not vulnerable to these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1150 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1151 http://www.phpmyadmin.net/home_page/security/PMASA-2009-2.php http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php _______________________________________________________________________ Updated Packages: Corporate 4.0: 164497e66c148faf7c15cd8c3bf5f297 corporate/4.0/i586/phpMyAdmin-2.11.9.5-0.1.20060mlcs4.noarch.rpm daf52104b152a84c8afaaa27b6444144 corporate/4.0/SRPMS/phpMyAdmin-2.11.9.5-0.1.20060mlcs4.src.rpm Corporate 4.0/X86_64: 5e3ce1455f31575daff865f6d909677b corporate/4.0/x86_64/phpMyAdmin-2.11.9.5-0.1.20060mlcs4.noarch.rpm daf52104b152a84c8afaaa27b6444144 corporate/4.0/SRPMS/phpMyAdmin-2.11.9.5-0.1.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ 
|
