MDVSA-2010:244

Package name

phpmyadmin

Date

2010-11-30

Advisory ID

MDVSA-2010:244

Affected versions

CS4.0 x86_64 , MES5 i586 , CS4.0 i586 , MES5 x86_64

Problem description

A vulnerability has been found and corrected in phpmyadmin:

It was possible to conduct a XSS attack using spoofed request on the
db search script (CVE-2010-4329).

This upgrade provides the latest phpmyadmin versions which is not
vulnerable to this security issue.

Updated packages

CS4.0 x86_64

 5c99ed5e8e313786e6f760076c81d2da  corporate/4.0/x86_64/phpMyAdmin-2.11.11.1-0.1.20060mlcs4.noarch.rpm 
 013a296d2c2aa39a34b30b6d9e5f460c  corporate/4.0/SRPMS/phpMyAdmin-2.11.11.1-0.1.20060mlcs4.src.rpm

MES5 i586

 70394e9ba0e8f350d6de2ca373dfd9b8  mes5/i586/phpmyadmin-3.3.8.1-0.1mdvmes5.1.noarch.rpm 
 b656823ea2dca7d61eb6ba85c3900470  mes5/SRPMS/phpmyadmin-3.3.8.1-0.1mdvmes5.1.src.rpm

CS4.0 i586

 87bb4457e07c68c7eddee73bc942fdb1  corporate/4.0/i586/phpMyAdmin-2.11.11.1-0.1.20060mlcs4.noarch.rpm 
 013a296d2c2aa39a34b30b6d9e5f460c  corporate/4.0/SRPMS/phpMyAdmin-2.11.11.1-0.1.20060mlcs4.src.rpm

MES5 x86_64

 a3c6238fa1f3132a27a91aa503b6e2fc  mes5/x86_64/phpmyadmin-3.3.8.1-0.1mdvmes5.1.noarch.rpm 
 b656823ea2dca7d61eb6ba85c3900470  mes5/SRPMS/phpmyadmin-3.3.8.1-0.1mdvmes5.1.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4329
• http://www.phpmyadmin.net/home_page/security/PMASA-2010-8.php