Package name: phpmyadmin
Date: 2013-05-03
Advisory ID: MDVSA-2013:160
Affected versions: MBS1 x86_64

Problem description

Updated phpmyadmin package fixes security vulnerabilities:

In some PHP versions, the preg_replace() function can be tricked
into executing arbitrary PHP code on the server. This is done by
passing a crafted argument as the regular expression, containing a
null byte. phpMyAdmin does not correctly sanitize an argument passed
to preg_replace() when using the Replace table prefix feature,
opening the way to this vulnerability (CVE-2013-3238).

phpMyAdmin can be configured to save an export file on the web server,
via its SaveDir directive. With this in place, it's possible, either
via a crafted filename template or a crafted table name, to save a
double extension file like foobar.php.sql. In turn, an Apache webserver
on which there is no definition for the MIME type sql (the default)
will treat this saved file as a .php script, leading to remote code
execution (CVE-2013-3239).
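As an added illustration (not phpMyAdmin's own code or the fix shipped in this update), the check below applies the export-file point above from the defending side: it flags a SaveDir filename whose non-final extension is one a typical Apache mod_php setup maps to a script handler, rejects the null bytes the first item warns about, and rewrites a double-extension name so mod_mime sees a single extension. The handler set and the export allow-list are assumptions for this example.

```python
from typing import List

# Extensions a typical Apache + mod_php install maps to a script handler
# (assumed set for this example; mirror the server's AddHandler/AddType lines).
HANDLER_EXTENSIONS = {"php", "php3", "php4", "php5", "phtml", "phar"}

# Final extensions an export under SaveDir may legitimately carry (assumed).
ALLOWED_FINAL_EXTENSIONS = {"sql", "csv", "xml", "json", "zip", "gz", "bz2"}


def export_filename_hazards(filename: str) -> List[str]:
    """Return the reasons an export filename is unsafe to write under SaveDir.

    mod_mime inspects every dot-separated segment after the base name, so an
    inner '.php' in 'foobar.php.sql' still selects the PHP handler when '.sql'
    has no MIME type defined. Null bytes and path separators are rejected too.
    """
    problems = []
    if "\x00" in filename:
        problems.append("contains a null byte")
    if "/" in filename or "\\" in filename or ".." in filename:
        problems.append("contains a path separator or '..'")
    segments = filename.lower().split(".")
    if len(segments) < 2 or segments[-1] not in ALLOWED_FINAL_EXTENSIONS:
        problems.append("final extension not in the export allow-list")
    # segments[0] is the base name; only later segments count as extensions.
    inner = [s for s in segments[1:-1] if s in HANDLER_EXTENSIONS]
    if inner:
        problems.append("inner script extension(s): " + ", ".join(inner))
    return problems


def neutralize_export_filename(filename: str) -> str:
    """Collapse every dot except the last one, leaving a single extension.

    'foobar.php.sql' becomes 'foobar_php.sql', which no longer matches the
    .php handler; null bytes are dropped so they cannot truncate the name.
    """
    cleaned = filename.replace("\x00", "")
    stem, sep, ext = cleaned.rpartition(".")
    if not sep:
        return cleaned
    return stem.replace(".", "_") + "." + ext


if __name__ == "__main__":
    # Constructed sample names: a crafted double extension and a benign export.
    for name in ("foobar.php.sql", "customers_2013-05-03.sql"):
        print(name, export_filename_hazards(name), "->", neutralize_export_filename(name))
```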

Updated packages

MBS1 x86_64

d78888a27ad48ca81ce02179da8bb0bc  mbs1/x86_64/phpmyadmin-3.5.8.1-0.1.mbs1.noarch.rpm
4a829064432e63a653c9cca52236334e  mbs1/SRPMS/phpmyadmin-3.5.8.1-0.1.mbs1.src.rpm

References