[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Re: [suse-security-announce] SUSE Security Announcement: phpMyAdmin remote code execution (SUSE-SA:2005:066)



On Sat, Nov 19, 2005 at 04:39:19PM +0100, Marcus Meissner wrote:
> On Fri, Nov 18, 2005 at 06:40:36PM -0800, Scott Leighton wrote:
> > On Friday 18 November 2005 5:35 am, Marcus Meissner wrote:
> > > ___________________________________________________________________________
> > >___
> > >
> > >                         SUSE Security Announcement
> > >
> > >         Package:                phpMyAdmin
> > >         Announcement ID:        SUSE-SA:2005:066
> > >         Date:                   Fri, 18 Nov 2005 11:00:00 +0000
> > 
> > 
> >    Anyone else having a problem after this YOU update? I have three
> > boxes, all of them started crapping out with the following error
> > message when trying to access phpMyAdmin, 
> > 
> >   Fatal error: main(): Failed opening required 
> > './' (include_path='.:/usr/share/php') 
> > in /srv/www/htdocs/phpMyAdmin/libraries/grab_globals.lib.php on line 70
> > 
> >   That file, grab_gobals.lib.php is one that was changed by the 
> > YOU update. Commenting out the 'require' on line 70 makes the
> > error go away, but I'm sure that's not really the right  solution.
> 
> We have several reports of this.
> 
> We will try to get a fixed version out on Monday.

We released updated phpMyAdmin packages to fix this yesterday evening
(a day late). It also includes fixes for yet another cross site scripting
problem too.

Ciao, Marcus

-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here