MDVSA-2010:018

Package name
phpMyAdmin
Date
2010-01-19
Advisory ID
MDVSA-2010:018
Affected versions
CS4.0 x86_64 , CS4.0 i586

Problem description

Multiple vulnerabilities has been found and corrected in phpMyAdmin:

libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates
a temporary directory with 0777 permissions, which has unknown impact
and attack vectors (CVE-2008-7251).

libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses
predictable filenames for temporary files, which has unknown impact
and attack vectors (CVE-2008-7252).

scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before
2.11.10 calls the unserialize function on the values of the (1)
configuration and (2) v[0] parameters, which might allow remote
attackers to conduct cross-site request forgery (CSRF) attacks via
unspecified vectors (CVE-2009-4605).

This update provides phpMyAdmin 2.11.10, which is not vulnerable to
these issues.

Updated packages

CS4.0 x86_64

 c1b99fd5d52f53f1bbd5fc56a99654de  corporate/4.0/x86_64/phpMyAdmin-2.11.10-0.1.20060mlcs4.noarch.rpm 
 6ccf82f206cf5bf67073055a1954668f  corporate/4.0/SRPMS/phpMyAdmin-2.11.10-0.1.20060mlcs4.src.rpm

CS4.0 i586

 e03dbf68c5d28f28c6937d81a4e8c9aa  corporate/4.0/i586/phpMyAdmin-2.11.10-0.1.20060mlcs4.noarch.rpm 
 6ccf82f206cf5bf67073055a1954668f  corporate/4.0/SRPMS/phpMyAdmin-2.11.10-0.1.20060mlcs4.src.rpm

References