Fedora alert FEDORA-2008-2874 (phpMyAdmin)
| From: | updates@fedoraproject.org | |
| To: | fedora-package-announce@redhat.com | |
| Subject: | [SECURITY] Fedora 7 Update: phpMyAdmin-2.11.5.1-1.fc7 | |
| Date: | Tue, 01 Apr 2008 21:39:15 +0000 | |
| Message-ID: | <200804012146.m31LkHZW016821@bastion.fedora.phx.redhat.com> |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2008-2874 2008-04-01 21:14:24 -------------------------------------------------------------------------------- Name : phpMyAdmin Product : Fedora 7 Version : 2.11.5.1 Release : 1.fc7 URL : http://www.phpmyadmin.net/ Summary : Web based MySQL browser written in php Description : phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields, manage privileges,export data into various formats and is available in 50 languages -------------------------------------------------------------------------------- Update Information: This update addresses PMASA-2008-2 / CVE-2008-1567: phpMyAdmin upstream received an advisory from Jim Hermann: It saves sensitive information like the MySQL username and password and the Blowfish secret key in session data, which might be unprotected on a shared host. http://www.phpmyadmin.net/home_page/security.php?issue=PM... -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 29 2008 Robert Scheck <robert@fedoraproject.org> 2.11.5.1-1 - Upstream released 2.11.5.1 * Mon Mar 3 2008 Robert Scheck <robert@fedoraproject.org> 2.11.5-1 - Upstream released 2.11.5 * Sun Jan 13 2008 Robert Scheck <robert@fedoraproject.org> 2.11.4-1 - Upstream released 2.11.4 - Corrected mod_security example in configuration file (#427119) * Sun Dec 9 2007 Robert Scheck <robert@fedoraproject.org> 2.11.3-1 - Upstream released 2.11.3 - Removed the RPM scriptlets doing httpd restarts (#227025) - Patched an information disclosure known as CVE-2007-0095 (#221694) - Provide virtual phpmyadmin package and a httpd alias (#231431) * Wed Nov 21 2007 Robert Scheck <robert@fedoraproject.org> 2.11.2.2-1 - Upstream released 2.11.2.2 (#393771) * Tue Nov 20 2007 Mike McGrath <mmcgrath@redhat.com> 2.11.2.1-1 - Upstream released new version * Mon Oct 29 2007 Mike McGrath <mmcgrath@redhat.com> 2.11.2-1 * upstream released new version * Mon Oct 22 2007 Mike McGrath <mmcgrath@redhat.com> 2.11.1.2-1 * upstream released new version * Thu Sep 6 2007 Mike McGrath <mmcgrath@redhat.com> 2.11.0-1 - Upstream released new version - Altered sources file as required - Added proper license * Mon Jul 23 2007 Mike McGrath <mmcgrath@redhat.com> 2.10.3-1 - Upstream released new version -------------------------------------------------------------------------------- References: [ 1 ] Bug #439974 - CVE-2008-1567 user/password/secret key are stored plaintext https://bugzilla.redhat.com/show_bug.cgi?id=439974 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update phpMyAdmin' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at http://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list Fedora-package-announce@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-ann...