Security: Multiple issues in phpMyAdmin
Name: Multiple issues in phpMyAdmin
ID: MDVSA-2009:115
Distribution: Mandriva
Platforms: Mandriva Corporate 4.0
Date: Mon, 18 May 2009, 16:48
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1150
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1151
http://www.phpmyadmin.net/home_page/security/PMASA-2009-2.php
http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php
Applications: phpMyAdmin
Original message
_______________________________________________________________________

Mandriva Linux Security Advisory                         MDVSA-2009:115
http://www.mandriva.com/security/
_______________________________________________________________________

Package : phpMyAdmin
Date    : May 18, 2009
Affected: Corporate 4.0
_______________________________________________________________________
Problem Description:

Multiple vulnerabilities have been identified and corrected in phpMyAdmin:

Multiple cross-site scripting (XSS) vulnerabilities in the export page (display_export.lib.php) in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pma_db_filename_template cookie (CVE-2009-1150).

Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action (CVE-2009-1151).

This update provides phpMyAdmin 2.11.9.5, which is not vulnerable to these issues.
_______________________________________________________________________
References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1150
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1151
http://www.phpmyadmin.net/home_page/security/PMASA-2009-2.php
http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php
_______________________________________________________________________
Updated Packages:

Corporate 4.0:
164497e66c148faf7c15cd8c3bf5f297 corporate/4.0/i586/phpMyAdmin-2.11.9.5-0.1.20060mlcs4.noarch.rpm
daf52104b152a84c8afaaa27b6444144 corporate/4.0/SRPMS/phpMyAdmin-2.11.9.5-0.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
5e3ce1455f31575daff865f6d909677b corporate/4.0/x86_64/phpMyAdmin-2.11.9.5-0.1.20060mlcs4.noarch.rpm
daf52104b152a84c8afaaa27b6444144 corporate/4.0/SRPMS/phpMyAdmin-2.11.9.5-0.1.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>