Login
Newsletter
Werbung
Sicherheit: Mehrere Probleme in phpymadmin
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in phpymadmin
ID: DSA-2286-1
Distribution: Debian
Plattformen: Debian squeeze
Datum: Di, 26. Juli 2011, 22:49
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2507
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2506
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2505
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2508
Applikationen: phpMyAdmin

Originalnachricht

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2286-1                   security@debian.org
http://www.debian.org/security/                           Thijs Kinkhorst
July 26, 2011                          http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : phpymadmin
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-2505 CVE-2011-2506 CVE-2011-2507
                 CVE-2011-2508 CVE-2011-2642

Several vulnerabilities were discovered in phpMyAdmin, a tool to
administrate MySQL over the web. The Common Vulnerabilities and
Exposures project identifies the following problems:

CVE-2011-2505

  Possible session manipulation in Swekey authentication.

CVE-2011-2506

  Possible code injection in setup script, in case session
  variables are compromised.

CVE-2011-2507

  Regular expression quoting issue in Synchronize code.

CVE-2011-2508

  Possible directory traversal in MIME-type transformation.

CVE-2011-2642

  Cross site scripting in table Print view when the attacker can
  create crafted table names.

No CVE name yet

  Possible superglobal and local variables manipulation in
  Swekey authentication. (PMASA-2011-12)

The oldstable distribution (lenny) is only affected by CVE-2011-2642,
which has been fixed in version 2.11.8.1-5+lenny9.

For the stable distribution (squeeze), these problems have been fixed
in version 3.3.7-6.

For the testing distribution (wheezy) and unstable distribution (sid),
these problems have been fixed in version 3.4.3.2-1.

We recommend that you upgrade your phpymadmin packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJOLxE7AAoJEOxfUAG2iX57N88H/AnM44upqiG3cvo+OYiQq/75
K6dmp4s5hUwJNWYgb3ZlqHw3Cbd/+UMvxztpTMXnDpxddn0PPZR3d55dWSZHYKTf
YdKrAwT7rnkpk6Gc6AOqy96XlxbqiqsRO9VVZCWqfiOSQm6wurzl1eQG8CIeuFg4
POsQFPo0AOoSMW1C/Lq0y7eArKJT+sjGdI4pdj32e7xJmWXXaU0IjMFIa/kWDo+p
2tbl6lRw262hEEq7immMETxEVoOe173KpYXpMly01tEKQIYepVXmNtDf2w1LgYWd
/LgI837i/5UvGOlxEXSRpTYqShQZ3SWINWdCAxuR8QRdBh3jO+NA6Sr1MNhCX/E=
=MSqd
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
 listmaster@lists.debian.org
Archive: http://lists.debian.org/20110726191155.95A2659DC9@kinkhorst.com
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung