[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Fedora] Schwachstelle in phpMyAdmin - FEDORA-2010-13258

To: win-sec-ssc@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Subject: [Fedora] Schwachstelle in phpMyAdmin - FEDORA-2010-13258
From: WiN Site Security Contacts <win-sec-ssc@xxxxxxxxxxxxxxxxx>
Date: Mon, 23 Aug 2010 13:10:32 +0200 (CEST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Liebe Kolleginnen und Kollegen,

soeben erreichte uns nachfolgendes Fedora Security Advisory. Wir geben
diese Informationen unveraendert an Sie weiter.

CVE-2010-3056 - Mehrere Cross-site Scripting Schwachstellen in
phpMyAdmin

  In phpMyAdmin sind mehrere, bisher nicht naeher beschriebene Cross-site
  Scripting Schwachstellen vorhanden. Ein entfernter Angreifer kann
  diese ausnutzen, um beliebige Befehle im Browser eines Benutzers
  auszufuehren.


Betroffen sind die folgenden Software Pakete und Plattformen:

  Paket phpMyAdmin

  Fedora 12
  Fedora 13


Vom Hersteller werden ueberarbeitete Pakete zur Verfuegung gestellt.

(c) der deutschen Zusammenfassung bei DFN-CERT Services GmbH; die
Verbreitung, auch auszugsweise, ist nur unter Hinweis auf den Urheber,
DFN-CERT Services GmbH, und nur zu nicht kommerziellen Zwecken
gestattet.

Mit freundlichen Gruessen,
   Michael Groening, DFN-CERT
- -- 

Michael Groening (Incident Response Team)

DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone  +49 40 808077-590
Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.:  DE 232129737
Sachsenstrasse 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski

Automatische Warnmeldungen               https://www.cert.dfn.de/autowarn

- --------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-13258
2010-08-21 03:57:45
- --------------------------------------------------------------------------------

Name        : phpMyAdmin
Product     : Fedora 12
Version     : 3.3.5.1
Release     : 1.fc12
URL         : http://www.phpmyadmin.net/
Summary     : Web based MySQL browser written in php
Description :
phpMyAdmin is a tool written in PHP intended to handle the administration of
MySQL over the Web. Currently it can create and drop databases,
create/drop/alter tables, delete/edit/add fields, execute any SQL statement,
manage keys on fields, manage privileges, export data into various formats and
is available in over 55 languages.

- --------------------------------------------------------------------------------
Update Information:

Changes for 3.3.5.1 (2010-10-20)  - [core] Fixed various XSS issues, see
PMASA-2010-5 for more details.
- --------------------------------------------------------------------------------
ChangeLog:

* Fri Aug 20 2010 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 3.3.5.1-1
- - Upstream released 3.3.5.1 (#625877, #625878)
- - Added patch to fix wrong variable check at nopassword (#622428)
* Tue Jul 27 2010 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 3.3.5-1
- - Upstream released 3.3.5 (#618586)
* Tue Jun 29 2010 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 3.3.4-1
- - Upstream released 3.3.4 (#609057)
* Sat Jun 26 2010 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 3.3.3-1
- - Upstream released 3.3.3 (#558322, #589288, #589487)
* Sun Jan 10 2010 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 3.2.5-1
- - Upstream released 3.2.5
* Thu Dec  3 2009 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 3.2.4-1
- - Upstream released 3.2.4 (#540871, #540891)
* Thu Nov  5 2009 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 3.2.3-1
- - Upstream released 3.2.3
- --------------------------------------------------------------------------------
References:

  [ 1 ] Bug #625877 - CVE-2010-3056 phpMyAdmin: several XSS vulnerabilities fixed in 3.3.5.1/2.11.10.1
        https://bugzilla.redhat.com/show_bug.cgi?id=625877
- --------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update phpMyAdmin' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
- --------------------------------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAkxyVygACgkQWmhIvjFb90WvFACfZr2eeIPz6rsdSdtwHo3gIjIC
/zoAoIIGIJTzG66k+ZQhxSo/FHDVZt8Y
=IhQ5
-----END PGP SIGNATURE-----

Prev by Date: [RedHat] Mehrere Schwachstellen im Adobe Acrobat Reader - RHSA-2010:0636-02
Next by Date: [Mandriva] Schwachstelle in mysql - MDVSA-2010:155
Previous by thread: [RedHat] Mehrere Schwachstellen im Adobe Acrobat Reader - RHSA-2010:0636-02
Next by thread: [Mandriva] Schwachstelle in mysql - MDVSA-2010:155
Index(es):
- Date
- Thread