Debian: DSA-880-1 Critical: Phpmyadmin Cross-Site Threat Advisory

Debian Security Advisory DSA 880-1
http://www.debian.org/security/
Martin Schulze
November 2nd, 2005

Summary


Andreas Kerber and Michal Cihar discovered several cross-site
scripting vulnerabilities in the error page and in the cookie
login.

CVE-2005-3300

Stefan Esser discovered missing safety checks in grab_globals.php
that could allow an attacker to induce phpmyadmin to include an
arbitrary local file.

CVE-2005-3301

Tobias Klein discovered several cross-site scripting
vulnerabilities that could allow attackers to inject arbitrary
HTML or client-side scripting.

The version in the old stable distribution (woody) probably has its
own flaws and is not easily fixable without a full audit and patch
session. The easier way is to upgrade it from woody to sarge.

For the stable distribution (sarge) these problems have been fixed in
version 2.6.2-3sarge1.

For the unstable distribution (sid) these problems have been fixed in
version 2.6.4-pl1-1.

We recommend that you upgrade your phpmyadmin package.


Upgrade Instructions
--------------------

wget url
...

Severity
critical