Paketname
phpMyAdmin
Datum
2009-05-18
Advisory ID
MDVSA-2009:115
Betroffene Versionen
CS4.0 x86_64 , CS4.0 i586

Problembeschreibung

Multiple vulnerabilities has been identified and corrected in
phpMyAdmin:

Multiple cross-site scripting (XSS) vulnerabilities in the export page
(display_export.lib.php) in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x
before 3.1.3.1 allow remote attackers to inject arbitrary web script
or HTML via the pma_db_filename_template cookie (CVE-2009-1150).

Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x
before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to
inject arbitrary PHP code into a configuration file via the save action
(CVE-2009-1151).

This update provides phpMyAdmin 2.11.9.5, which is not vulnerable to
these issues.

Aktualisierte Pakete

CS4.0 x86_64

 5e3ce1455f31575daff865f6d909677b  corporate/4.0/x86_64/phpMyAdmin-2.11.9.5-0.1.20060mlcs4.noarch.rpm 
 daf52104b152a84c8afaaa27b6444144  corporate/4.0/SRPMS/phpMyAdmin-2.11.9.5-0.1.20060mlcs4.src.rpm

CS4.0 i586

 164497e66c148faf7c15cd8c3bf5f297  corporate/4.0/i586/phpMyAdmin-2.11.9.5-0.1.20060mlcs4.noarch.rpm 
 daf52104b152a84c8afaaa27b6444144  corporate/4.0/SRPMS/phpMyAdmin-2.11.9.5-0.1.20060mlcs4.src.rpm

Referenzen