Sicherheit: Cross-Site Scripting in phpmyadmin

Lesezeichen hinzufügen

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2008-29
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------

Original released date: 18 Jul 2008
Last revised: 18 Jul 2008

Package: phpmyadmin

Summary: Cross-site scripting (XSS) vulnerability

More information:
phpMyAdmin is a tool written in PHP intended to handle the
administration of MySQL over the Web.

Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7,
when register_globals is enabled and .htaccess support is disabled,
allows remote attackers to inject arbitrary web script or HTML via
unspecified vectors involving scripts in libraries/. (CVE-2008-2960)

Affected Products:
- Turbolinux Appliance Server 3.0 x64 Edition
- Turbolinux Appliance Server 3.0

<Turbolinux Appliance Server 3.0 x64 Edition>

Source Packages
Size: MD5

phpmyadmin-2.11.7-1.src.rpm
3106306 67eb1e8ba275e08ad62d1ac6ff15401c

Binary Packages
Size: MD5

phpmyadmin-2.11.7-1.noarch.rpm
4439307 65d2e8b1159f610b75281efad67ead19

<Turbolinux Appliance Server 3.0>

Source Packages
Size: MD5

phpmyadmin-2.11.7-1.src.rpm
3106306 67eb1e8ba275e08ad62d1ac6ff15401c

Binary Packages
Size: MD5

phpmyadmin-2.11.7-1.noarch.rpm
4440156 3d75beb7b61062e851e718ee85c1f2e9

References:

CVE
[CVE-2008-2960]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2960

--------------------------------------------------------------------------
Revision History
18 Jul 2008 Initial release
--------------------------------------------------------------------------

Copyright(C) 2008 Turbolinux, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkiAaegACgkQK0LzjOqIJMz73gCfapF8XVcPRvNjaBolRgo8GPjF
rqsAn1ab8NAVkJCTXNpnXZ2GioES6Re6
=WvsK
-----END PGP SIGNATURE-----