
phpMyAdmin Security Update 1/22/2012

22 January 2012

There is a phpMyAdmin update today for Debian. It fixes an XSS bug in the table tracking feature and a vulnerability in the XML import plugin. Both the stable version of Debian (squeeze) and testing (wheezy) are affected.

Package        : phpmyadmin
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-1940 CVE-2011-3181 CVE-2011-4107
Debian Bug     : 656247

Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2011-4107

The XML import plugin allowed a remote attacker to read arbitrary files via XML data containing external entity references.

CVE-2011-1940, CVE-2011-3181

Cross site scripting was possible in the table tracking feature, allowing a remote attacker to inject arbitrary web script or HTML
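
The following is an added example for the CVE-2011-4107 class of bug, not code from the advisory, Debian or phpMyAdmin: a Python pre-parse check that reports DOCTYPE and entity declarations in an uploaded XML document so an import handler can refuse the file before handing it to a full parser. The function names, the reject-any-DTD policy and the sample documents are assumptions constructed for illustration.

```python
import xml.parsers.expat as expat


def inspect_import(data: bytes):
    """Return (kind, name, system_id) findings for DTD constructs in an XML upload."""
    findings = []
    parser = expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        findings.append(("doctype", name, system_id))

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        # External entities carry a SYSTEM/PUBLIC identifier instead of a value.
        external = system_id is not None or public_id is not None
        kind = "external-entity" if external else "internal-entity"
        findings.append((kind, name, system_id))

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    # No ExternalEntityRefHandler is installed, so expat never fetches anything.
    try:
        parser.Parse(data, True)
    except expat.ExpatError as exc:
        findings.append(("malformed", str(exc), None))
    return findings


def accept_import(data: bytes) -> bool:
    """Strict policy (assumption): a data import needs no DTD, so any finding rejects."""
    return not inspect_import(data)


# Constructed sample documents (not taken from the advisory).
CLEAN = b'<?xml version="1.0"?><export><row id="1">alice</row></export>'
WITH_ENTITY = (
    b'<?xml version="1.0"?>\n'
    b'<!DOCTYPE export [<!ENTITY ext SYSTEM "file:///placeholder/path">]>\n'
    b'<export><row id="1">&ext;</row></export>'
)

if __name__ == "__main__":
    for label, doc in (("clean", CLEAN), ("with entity", WITH_ENTITY)):
        print(label, "accepted" if accept_import(doc) else "rejected",
              inspect_import(doc))
```

Rejecting every document that declares a DTD is stricter than blocking external entities alone, and it also stops internal entity expansion tricks from reaching the parser.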
