| ||||||||||||||||
|
| ||||||||||||||||
Fedora alert FEDORA-2008-6502 (phpMyAdmin)
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2008-6502 2008-07-17 03:13:41 -------------------------------------------------------------------------------- Name : phpMyAdmin Product : Fedora 9 Version : 2.11.7.1 Release : 1.fc9 URL : http://www.phpmyadmin.net/ Summary : Web based MySQL browser written in php Description : phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields, manage privileges,export data into various formats and is available in 50 languages -------------------------------------------------------------------------------- Update Information: This update solves a not yet clearly documented security issue with phpMyAdmin. - [interface] New field cannot be auto-increment and primary key - [dbi] Incorrect interpretation for some mysqli field flags - [display] part 1: do not display a TEXT utf8_bin as BLOB (fixed for mysqli extension only) - [interface] sanitize the after_field parameter, thanks to Norman Hippert - [structure] do not remove the BINARY attribute in drop-down - [session] Overriding session.hash_bits_per_character - [interface] sanitize the table comments in table print view, thanks to Norman Hippert - [general] Auto_Increment selected for TimeStamp by Default - [display] No tilde for InnoDB row counter when we know it for sure, thanks to Vladyslav Bakayev - dandy76 - [display] alt text causes duplicated strings - [interface] Cannot upload BLOB into existing row - [export] HTML in exports getting corrupted, thanks to Jason Judge - jasonjudge - [interface] BINARY not treated as BLOB: update/delete issues - [security] protection against XSS when register_globals is on and .htaccess has no effect, thanks to Tim Starling - [export] Firefox 3 and .sql.gz (corrupted); detect Gecko 1.9, thanks to Juergen Wind - [security] XSRF/CSRF by manipulating the db, convcharset and collation_connection parameters, thanks to YGN Ethical Hacker Group http://www.phpmyadmin.net/home_page/security.php?issue=PM... -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 15 2008 Robert Scheck <robert@fedoraproject.org> 2.11.7.1-1 - Upstream released 2.11.7.1 (#455520) * Mon Jun 23 2008 Robert Scheck <robert@fedoraproject.org> 2.11.7-1 - Upstream released 2.11.7 (#452497) * Tue Apr 29 2008 Robert Scheck <robert@fedoraproject.org> 2.11.6-1 - Upstream released 2.11.6 -------------------------------------------------------------------------------- References: [ 1 ] Bug #455520 - phpMyAdmin: XSRF/CSRF by manipulating the db https://bugzilla.redhat.com/show_bug.cgi?id=455520 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update phpMyAdmin' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at http://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list Fedora-package-announce@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-ann... (Log in to post comments)
|
|
|||||||||||||||