MDVSA-2009:274

Package name

phpmyadmin

Date

2009-10-13

Advisory ID

MDVSA-2009:274

Affected versions

CS4.0 x86_64 , MES5 i586 , CS4.0 i586 , MES5 x86_64

Problem description

This is a security release for XSS (CVE-2009-3696) and SQL injection
(CVE-2009-3697) problems.

This upgrade provides phpmyadmin 2.11.9.6 for CS4 and 3.2.2.1 for
MES5 which is not vulnerable for these security issues.

Updated packages

CS4.0 x86_64

 38b583d1b359cfe275492bd16462d278  corporate/4.0/x86_64/phpMyAdmin-2.11.9.6-0.1.20060mlcs4.noarch.rpm 
 be63b597c0de5b5b64b33db4f963e652  corporate/4.0/SRPMS/phpMyAdmin-2.11.9.6-0.1.20060mlcs4.src.rpm

MES5 i586

 e2be6765a2919121adf1c21f0f6faeeb  mes5/i586/phpmyadmin-3.2.2.1-0.1mdvmes5.noarch.rpm 
 6c90b7dd5deca9ca46547b46533b3073  mes5/SRPMS/phpmyadmin-3.2.2.1-0.1mdvmes5.src.rpm

CS4.0 i586

 bc227ca845cd3019ad9ed38b58595e81  corporate/4.0/i586/phpMyAdmin-2.11.9.6-0.1.20060mlcs4.noarch.rpm 
 be63b597c0de5b5b64b33db4f963e652  corporate/4.0/SRPMS/phpMyAdmin-2.11.9.6-0.1.20060mlcs4.src.rpm

MES5 x86_64

 c3c136303e7dee66da310c81317062e8  mes5/x86_64/phpmyadmin-3.2.2.1-0.1mdvmes5.noarch.rpm 
 6c90b7dd5deca9ca46547b46533b3073  mes5/SRPMS/phpmyadmin-3.2.2.1-0.1mdvmes5.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3696
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3697