MDVSA-2009:115

Package name

phpMyAdmin

Date

2009-05-18

Advisory ID

MDVSA-2009:115

Affected versions

CS4.0 x86_64 , CS4.0 i586

Problem description

Multiple vulnerabilities has been identified and corrected in
phpMyAdmin:

Multiple cross-site scripting (XSS) vulnerabilities in the export page
(display_export.lib.php) in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x
before 3.1.3.1 allow remote attackers to inject arbitrary web script
or HTML via the pma_db_filename_template cookie (CVE-2009-1150).

Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x
before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to
inject arbitrary PHP code into a configuration file via the save action
(CVE-2009-1151).

This update provides phpMyAdmin 2.11.9.5, which is not vulnerable to
these issues.

Updated packages

CS4.0 x86_64

 5e3ce1455f31575daff865f6d909677b  corporate/4.0/x86_64/phpMyAdmin-2.11.9.5-0.1.20060mlcs4.noarch.rpm 
 daf52104b152a84c8afaaa27b6444144  corporate/4.0/SRPMS/phpMyAdmin-2.11.9.5-0.1.20060mlcs4.src.rpm

CS4.0 i586

 164497e66c148faf7c15cd8c3bf5f297  corporate/4.0/i586/phpMyAdmin-2.11.9.5-0.1.20060mlcs4.noarch.rpm 
 daf52104b152a84c8afaaa27b6444144  corporate/4.0/SRPMS/phpMyAdmin-2.11.9.5-0.1.20060mlcs4.src.rpm

References

• http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php
• http://www.phpmyadmin.net/home_page/security/PMASA-2009-2.php
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1150
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1151