Support / Sécurité / Annonces de sécurité / Mandriva Enterprise Server 5 / MDVSA-2010:164

Nom du paquet: phpmyadmin
Date: 2010-08-30
Advisory ID: MDVSA-2010:164
Affected versions: MES5 i586 , MES5 x86_64

Problem description

A vulnerability has been found and corrected in phpmyadmin:

It was possible to conduct a XSS attack using crafted URLs or POST
parameters on several pages (CVE-2010-3056).

This upgrade provides phpmyadmin 3.3.5.1 which is not vulnerable for
this security issue.

Updated packages

MES5 i586

 01349c105d6ad1133c91a93f54e5b834  mes5/i586/phpmyadmin-3.3.5.1-0.1mdvmes5.1.noarch.rpm 
 c6853d1d31269b1ad825f938252d7388  mes5/SRPMS/phpmyadmin-3.3.5.1-0.1mdvmes5.1.src.rpm

MES5 x86_64

 3647163b0d53a447552fc99797d16003  mes5/x86_64/phpmyadmin-3.3.5.1-0.1mdvmes5.1.noarch.rpm 
 c6853d1d31269b1ad825f938252d7388  mes5/SRPMS/phpmyadmin-3.3.5.1-0.1mdvmes5.1.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3056