Support / Security / Advisories / Mandriva Enterprise Server 5 / MDVSA-2012:050

Package name: phpmyadmin
Date: 2012-04-03
Advisory ID: MDVSA-2012:050
Affected versions: MES5 i586 , MES5 x86_64

Problem description

Multiple vulnerabilities has been found and corrected in phpmyadmin:

It was possible to conduct XSS using a crafted database name
(CVE-2012-1190).

The show_config_errors.php scripts did not validate the presence of
the configuration file, so an error message shows the full path of
this file, leading to possible further attacks (CVE-2012-1902).

This upgrade provides the latest phpmyadmin version (3.4.10.2) to
address these vulnerabilities.

Updated packages

MES5 i586

 f7ab00f7bf26fce9d63d6e62bc915f90  mes5/i586/phpmyadmin-3.4.10.2-0.1mdvmes5.2.noarch.rpm 
 a52a9e2b2168701db6e106e4f80640f6  mes5/SRPMS/phpmyadmin-3.4.10.2-0.1mdvmes5.2.src.rpm

MES5 x86_64

 20d7133f0fb4cf7c8de2d7b2074aa13d  mes5/x86_64/phpmyadmin-3.4.10.2-0.1mdvmes5.2.noarch.rpm 
 a52a9e2b2168701db6e106e4f80640f6  mes5/SRPMS/phpmyadmin-3.4.10.2-0.1mdvmes5.2.src.rpm

References

http://www.phpmyadmin.net/home_page/security/PMASA-2012-2.php
http://www.phpmyadmin.net/home_page/security/PMASA-2012-1.php
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1190
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1902