What Are You Looking For?

Sign Up
- ------------------------------------------------------------------------Debian Security Advisory DSA-1693-1                  security@debian.org
https://www.debian.org/security/                          Thijs Kinkhorst
December 27, 2008                     https://www.debian.org/security/faq
- ------------------------------------------------------------------------Package        : phppgadmin
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2007-2865 CVE-2007-5728 CVE-2008-5587
Debian Bugs    : 427151 449103 508026

Several remote vulnerabilities have been discovered in phpPgAdmin, a tool
to administrate PostgreSQL database over the web. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-2865

    Cross-site scripting vulnerability allows remote attackers to inject
    arbitrary web script or HTML via the server parameter.

CVE-2007-5728

    Cross-site scripting vulnerability allows remote attackers to inject
    arbitrary web script or HTML via PHP_SELF.

CVE-2008-5587

    Directory traversal vulnerability allows remote attackers to read
    arbitrary files via _language parameter.

For the stable distribution (etch), these problems have been fixed in
version 4.0.1-3.1etch1.

For the unstable distribution (sid), these problems have been fixed in
version 4.2.1-1.1.

We recommend that you upgrade your phppgadmin package.

Upgrade instructions
- --------------------wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------Source archives:

      Size/MD5 checksum:   703673 eedac65ce5d73aca2f92388c9766ba1b
      Size/MD5 checksum:      890 e6dea463d597f6dda40d774820e3bb03
      Size/MD5 checksum:    15678 1cbe0f619e65a8c49894e8c0fe015fb5

Architecture independent packages:

      Size/MD5 checksum:   704386 1f5b68f6be269eb3c10646cd8d69c31c


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------For apt-get: deb https://security.debian.org/ stable/updates main
For dpkg-ftp:  dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org

Debian: New phppgadmin packages fix several vulnerabilities

December 27, 2008
Several remote vulnerabilities have been discovered in phpPgAdmin, a tool to administrate PostgreSQL database over the web

Summary

Severity

Related News

Widespread Xorg DoS, Privilege Escalation Vulns Fixed

Nov 13, 2023

Critical Exim RCE, Info Disclosure Bugs Fixed

Oct 8, 2023

Severe Chromium DoS, Info Disclosure Vulns Fixed

Oct 25, 2023

Critical Node.js Info Disclosure, Code Execution Bugs Fixed

Oct 5, 2023

News

Advisories

HOWTOs

Features

Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses

About Us

Powered By

Footer Logo