Support / Security / Advisories / Mandriva Enterprise Server 5 / MDVSA-2009:192

Package name: phpmyadmin
Date: 2009-08-05
Advisory ID: MDVSA-2009:192
Affected versions: MES5 i586 , MES5 x86_64

Problem description

A vulnerability has been identified and corrected in phpMyAdmin:

Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1
allows remote attackers to inject arbitrary web script or HTML via
a crafted SQL bookmark (CVE-2009-2284).

This update provides phpmyadmin 3.2.0.1, which is not vulnerable to
this issue.

Updated packages

MES5 i586

 f29809a79beba8e06d6b7a6bc6409353  mes5/i586/phpmyadmin-3.2.0.1-0.1mdvmes5.noarch.rpm 
 b2f1d2938a0fa4dab143b9063ec2d74c  mes5/SRPMS/phpmyadmin-3.2.0.1-0.1mdvmes5.src.rpm

MES5 x86_64

 d9e0b8c4fe67650e27252726868f2b59  mes5/x86_64/phpmyadmin-3.2.0.1-0.1mdvmes5.noarch.rpm 
 b2f1d2938a0fa4dab143b9063ec2d74c  mes5/SRPMS/phpmyadmin-3.2.0.1-0.1mdvmes5.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2284
http://www.phpmyadmin.net/home_page/security/PMASA-2009-5.php