Debian: DSA-2097-2: New phpmyadmin packages fix several vulnerabilities
Summary
Several remote vulnerabilities have been discovered in phpMyAdmin, a tool
to administer MySQL over the web. The Common Vulnerabilities and Exposures
project identifies the following problems:
CVE-2010-3055
The configuration setup script does not properly sanitise its output
file, which allows remote attackers to execute arbitrary PHP code via
a crafted POST request. In Debian, the setup tool is protected through
Apache HTTP basic authentication by default.
CVE-2010-3056
Various cross-site scripting issues have been discovered that allow
a remote attacker to inject arbitrary web script or HTML.
For the stable distribution (lenny), these problems have been fixed in
version 2.11.8.1-5+lenny6.
For the testing (squeeze) and unstable (sid) distributions, these problems
have been fixed in version 3.3.5.1-1.
We recommend that you upgrade your phpmyadmin package.
Upgrade instructions
--------------------
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny
Source archives:
Size/MD5 checksum: 2870014 075301d16404c2d7d58216efc14f7a50
Size/MD5 checksum: 74349 e6f8e4ff6d973af576abeb4760caf5e0
Size/MD5 checksum: 1548 d6b8c634186104661caee4ac419a10ea
Architecture independent packages:
Size/MD5 checksum: 2886448 dcfc410cc5bcebc61bb32e33662e7fd3
These files will probably be moved into the stable distribution on
its next update.
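Added example (not part of the Debian advisory): a shell helper for the manual wget / dpkg -i route that checks a downloaded file against the size and MD5 value listed for it above and installs it only when both match. The function names verify_deb and install_verified are hypothetical, and file.deb stands for whichever file you fetched.

```shell
#!/bin/sh
# Added example, not from the advisory. Function names are hypothetical.

# verify_deb FILE SIZE MD5
# Returns 0 only if FILE exists, is exactly SIZE bytes and hashes to MD5.
# Returns 2 if FILE is missing, 1 on any mismatch.
verify_deb() {
    file=$1 want_size=$2 want_md5=$3

    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }

    # Size first: cheap, and it catches truncated downloads.
    have_size=$(wc -c < "$file" | tr -d ' ')
    if [ "$have_size" != "$want_size" ]; then
        echo "size mismatch: $file ($have_size != $want_size)" >&2
        return 1
    fi

    # md5sum prints "<hash>  -" when reading stdin; keep the hash only.
    have_md5=$(md5sum < "$file" | cut -d' ' -f1)
    # The advisory lists lowercase hex; normalise the expected value anyway.
    want_md5=$(printf '%s' "$want_md5" | tr 'A-F' 'a-f')
    if [ "$have_md5" != "$want_md5" ]; then
        echo "MD5 mismatch: $file" >&2
        return 1
    fi
    return 0
}

# install_verified FILE SIZE MD5
# Hands FILE to dpkg -i only when both checks pass.
install_verified() {
    verify_deb "$1" "$2" "$3" && dpkg -i "$1"
}

# Usage with the architecture independent package entry listed above
# (file.deb is a placeholder for the downloaded file):
#   install_verified file.deb 2886448 dcfc410cc5bcebc61bb32e33662e7fd3
```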
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show