Pardus alert 2010-121 (phpmyadmin)
| From: | Eren Turkay <eren@pardus.org.tr> | |
| To: | pardus-security@pardus.org.tr | |
| Subject: | [Pardus-security] [PLSA 2010-121] PhpMyAdmin: Multiple XSS Vulnerabilities | |
| Date: | Mon, 6 Sep 2010 14:27:10 +0300 (EEST) | |
| Message-ID: | <20100906112710.68171A7AB8A@lider.pardus.org.tr> |
------------------------------------------------------------------------ Pardus Linux Security Advisory 2010-121 security@pardus.org.tr ------------------------------------------------------------------------ Date: 2010-09-06 Severity: 4 Type: Remote ------------------------------------------------------------------------ Summary ======= Multiple XSS vulnerabilities have been fixed in PhpMyAdmin Description =========== CVE-2010-3056: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.11.x before 2.11.10.1 and 3.x before 3.3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) db_search.php, (2) db_sql.php, (3) db_structure.php, (4) js/messages.php, (5) libraries/common.lib.php, (6) libraries/database_interface.lib.php, (7) libraries/dbi/mysql.dbi.lib.php, (8) libraries/dbi/mysqli.dbi.lib.php, (9) libraries/db_info.inc.php, (10) libraries/sanitizing.lib.php, (11) libraries/sqlparser.lib.php, (12) server_databases.php, (13) server_privileges.php, (14) setup/config.php, (15) sql.php, (16) tbl_replace.php, and (17) tbl_sql.php. Affected packages: Pardus 2009: phpmyadmin, all before 3.3.5.1-24-5 Resolution ========== There are update(s) for phpmyadmin. You can update them via Package Manager or with a single command from console: pisi up phpmyadmin References ========== * http://bugs.pardus.org.tr/show_bug.cgi?id=14089 * http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201... ------------------------------------------------------------------------ _______________________________________________ Pardus-security mailing list Pardus-security@pardus.org.tr http://liste.pardus.org.tr/mailman/listinfo/pardus-security