Paketname
phpmyadmin
Datum
2012-04-03
Advisory ID
MDVSA-2012:050
Betroffene Versionen
MES5 i586 , MES5 x86_64

Problembeschreibung

Multiple vulnerabilities has been found and corrected in phpmyadmin:

It was possible to conduct XSS using a crafted database name
(CVE-2012-1190).

The show_config_errors.php scripts did not validate the presence of
the configuration file, so an error message shows the full path of
this file, leading to possible further attacks (CVE-2012-1902).

This upgrade provides the latest phpmyadmin version (3.4.10.2) to
address these vulnerabilities.

Aktualisierte Pakete

MES5 i586

 f7ab00f7bf26fce9d63d6e62bc915f90  mes5/i586/phpmyadmin-3.4.10.2-0.1mdvmes5.2.noarch.rpm 
 a52a9e2b2168701db6e106e4f80640f6  mes5/SRPMS/phpmyadmin-3.4.10.2-0.1mdvmes5.2.src.rpm

MES5 x86_64

 20d7133f0fb4cf7c8de2d7b2074aa13d  mes5/x86_64/phpmyadmin-3.4.10.2-0.1mdvmes5.2.noarch.rpm 
 a52a9e2b2168701db6e106e4f80640f6  mes5/SRPMS/phpmyadmin-3.4.10.2-0.1mdvmes5.2.src.rpm

Referenzen