MDVSA-2011:026

Package name

phpmyadmin

Date

2011-02-14

Advisory ID

MDVSA-2011:026

Affected versions

CS4.0 x86_64 , MES5 i586 , CS4.0 i586 , MES5 x86_64

Problem description

Multiple vulnerabilities were discovered and corrected in phpmyadmin:

When the files README, ChangeLog or LICENSE have been removed from
their original place (possibly by the distributor), the scripts used
to display these files can show their full path, leading to possible
further attacks (CVE-2011-0986).

It was possible to create a bookmark which would be executed
unintentionally by other users (CVE-2011-0987).

The updated packages have been upgraded to the latest versions to
mitigate these issues.

Updated packages

CS4.0 x86_64

 264af5570aa57c0af58983d23c6854d9  corporate/4.0/x86_64/phpMyAdmin-2.11.11.3-0.1.20060mlcs4.noarch.rpm 
 f542a938ebe99b540937133f41e6f517  corporate/4.0/SRPMS/phpMyAdmin-2.11.11.3-0.1.20060mlcs4.src.rpm

MES5 i586

 1125168fb6450d91d1ee6b6ec7073598  mes5/i586/phpmyadmin-3.3.9.2-0.1mdvmes5.1.noarch.rpm 
 7c16ef1c4009fdfb86eec64ffaaf1040  mes5/SRPMS/phpmyadmin-3.3.9.2-0.1mdvmes5.1.src.rpm

CS4.0 i586

 f7f64177255ddf089a00a95d64de31b0  corporate/4.0/i586/phpMyAdmin-2.11.11.3-0.1.20060mlcs4.noarch.rpm 
 f542a938ebe99b540937133f41e6f517  corporate/4.0/SRPMS/phpMyAdmin-2.11.11.3-0.1.20060mlcs4.src.rpm

MES5 x86_64

 2ed88f3bd79920dcd4d15d7547de2fcb  mes5/x86_64/phpmyadmin-3.3.9.2-0.1mdvmes5.1.noarch.rpm 
 7c16ef1c4009fdfb86eec64ffaaf1040  mes5/SRPMS/phpmyadmin-3.3.9.2-0.1mdvmes5.1.src.rpm

References

• http://www.phpmyadmin.net/home_page/security/PMASA-2011-2.php
• http://www.phpmyadmin.net/home_page/security/PMASA-2011-1.php
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0986
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0987