drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in phppgadmin (Aktualisierung)
Name: |
Mehrere Probleme in phppgadmin (Aktualisierung) |
|
ID: |
DSA-1693-2 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian etch |
|
Datum: |
Mi, 21. Januar 2009, 11:25 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2865
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5728
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5587 |
|
Applikationen: |
phpPgAdmin |
|
Update von: |
Mehrere Probleme in phppgadmin |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
- ------------------------------------------------------------------------ Debian Security Advisory DSA-1693-2 security@debian.org http://www.debian.org/security/ Thijs Kinkhorst January 21, 2009 http://www.debian.org/security/faq - ------------------------------------------------------------------------
Package     : phppgadmin Vulnerability  : several Problem type  : remote Debian-specific: no CVE Id(s)    : CVE-2007-2865 CVE-2007-5728 CVE-2008-5587 Debian Bugs   : 427151 449103 508026
The security update for phpPgAdmin in DSA-1693-1 caused a regression in modifying table fields. This updates corrects that flaw. For reference the original advisory follows.
Several remote vulnerabilities have been discovered in phpPgAdmin, a tool to administrate PostgreSQL database over the web. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2007-2865
  Cross-site scripting vulnerability allows remote attackers to inject   arbitrary web script or HTML via the server parameter.
CVE-2007-5728
  Cross-site scripting vulnerability allows remote attackers to inject   arbitrary web script or HTML via PHP_SELF.
CVE-2008-5587
  Directory traversal vulnerability allows remote attackers to read   arbitrary files via _language parameter.
For the stable distribution (etch), these problems have been fixed in version 4.0.1-3.1etch2.
We recommend that you upgrade your phppgadmin package.
Upgrade instructions - --------------------
wget url will fetch the file for you dpkg -i file.deb will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update will update the internal database apt-get upgrade will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch - -------------------------------
Source archives:
phppgadmin_4.0.1-3.1etch2.dsc Size/MD5 checksum: 890 a20ab5b499af2fa4393a344fd05641bb phppgadmin_4.0.1-3.1etch2.diff.gz Size/MD5 checksum: 15892 0d10507c0d6abf870c8cb4d29515d928 phppgadmin_4.0.1.orig.tar.gz Size/MD5 checksum: 703673 eedac65ce5d73aca2f92388c9766ba1b
Architecture independent packages:
phppgadmin_4.0.1-3.1etch2_all.deb Size/MD5 checksum: 704442 3449706caa8d61016aaf3a9cb9676ffb
These files will probably be moved into the stable distribution on its next update.
- --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-securitydists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux)
iQEVAwUBSXb2JSIIoQCMVaAcAQKIgwgAhedxjMYlT53fsZ7mZvQ5y6ERp8NoKDAW usnyegZyIK3L9+erVn0Nho+JEjunviajlq4M6y/Mg6sYdEkgnPOAGA8GSzFc+Gaz mIGgFNdFKyq7hPzadlGv+hjD9M8Mf9ZyKfQCoX6TqKnMqLAQRwxbiCaJni4EbhhN Vvh4mG1Ki6FVvR+mLMLBFBRLGz/pevLkdunl45gF/u1Uua9O7ZsINvsZCpIp9Azg DXsxGlJbt8c0qJyJsGKkkoao0aX6NTQVf/0pfdDW3vhUwjuLUisG1QdnGI+KdMoy gekHF9BLSliLFOq3H0C6EsLkdO2Dm84LnUuqzx7/9EDpxQv82Nu73g== =kucF -----END PGP SIGNATURE-----
-- To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
|
|
|
|