Package name
phpmyadmin
Date
2013-07-30
Advisory ID
MDVSA-2013:203
Affected versions
MES5 i586, MBS1 x86_64, MES5 x86_64

Problem description

Multiple vulnerabilities have been discovered and corrected in
phpmyadmin:

* XSS due to unescaped HTML output when executing a SQL query
(CVE-2013-4995).

* 5 XSS vulnerabilities in setup, chart display, process list, and
logo link. If a crafted version.json is presented, an XSS could
be introduced (CVE-2013-4996, CVE-2013-4997).

* Full path disclosure vulnerabilities (CVE-2013-4998, CVE-2013-5000).

* Self-XSS due to unescaped HTML output in schema export
(CVE-2013-5002).

* SQL injection vulnerabilities, producing a privilege escalation
(control user) (CVE-2013-5003).

This upgrade provides the latest phpmyadmin version (3.5.8.2) to
address these vulnerabilities.

Updated packages

MES5 i586

 12911ccb6cff9d89b2c67cddb7cfb61f  mes5/i586/phpmyadmin-3.5.8.2-0.1mdvmes5.2.noarch.rpm 
 9b9434e5d48a234c3ea173c2a98b1bff  mes5/SRPMS/phpmyadmin-3.5.8.2-0.1mdvmes5.2.src.rpm

MBS1 x86_64

 318571200eba1dda12498736133ab4ba  mbs1/x86_64/phpmyadmin-3.5.8.2-0.1.mbs1.noarch.rpm 
 3552ccfd4c8f05970d911ebfb348364b  mbs1/SRPMS/phpmyadmin-3.5.8.2-0.1.mbs1.src.rpm

MES5 x86_64

 9fcaa3b457365ed9caee3e627258b561  mes5/x86_64/phpmyadmin-3.5.8.2-0.1mdvmes5.2.noarch.rpm 
 9b9434e5d48a234c3ea173c2a98b1bff  mes5/SRPMS/phpmyadmin-3.5.8.2-0.1mdvmes5.2.src.rpm

References