
Fedora: 2009-2984 Critical: phpMyAdmin XSS And Inclusion Threats

March 25, 2009
phpMyAdmin 3.1.3.1 fixes HTTP response splitting and file inclusion vulnerabilities, an XSS vulnerability on the export page, and insufficient output sanitizing when generating the configuration file.

Summary

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields, manage privileges, export data into various formats and is available in 50 languages.

Improvements for 3.1.3.1:

- [security] HTTP Response Splitting and file inclusion vulnerabilities
- [security] XSS vulnerability on export page
- [security] Insufficient output sanitizing when generating configuration file

Change Log

* Wed Mar 25 2009 Robert Scheck 3.1.3.1-1
- Upstream released 3.1.3.1 (#492066)

* Sun Mar 1 2009 Robert Scheck 3.1.3-1
- Upstream released 3.1.3

* Mon Feb 23 2009 Robert Scheck 3.1.2-2
- Rebuilt against rpm 4.6

* Tue Jan 20 2009 Robert Scheck 3.1.2-1
- Upstream released 3.1.2

* Thu Dec 11 2008 Robert Scheck 3.1.1-1
- Upstream released 3.1.1 (#475954)

* Sat Nov 29 2008 Robert Scheck 3.1.0-1
- Upstream released 3.1.0
- Replaced LocationMatch with Directory directive (#469451)

* Thu Oct 30 2008 Robert Scheck 3.0.1.1-1
- Upstream released 3.0.1.1 (#468974)

* Wed Oct 22 2008 Robert Scheck 3.0.1-1
- Upstream released 3.0.1

* Sun Oct 19 2008 Robert Scheck 3.0.0-1
- Upstream released 3.0.0

* Mon Sep 22 2008 Robert Scheck 2.11.9.2-1
- Upstream released 2.11.9.2 (#463260)

* Tue Sep 16 2008 Robert Scheck 2.11.9.1-1
- Upstream released 2.11.9.1 (#462430)

* Fri Aug 29 2008 Robert Scheck 2.11.9-1
- Upstream released 2.11.9

* Mon Jul 28 2008 Robert Scheck 2.11.8.1-1
- Upstream released 2.11.8.1 (#456637, #456950)

* Mon Jul 28 2008 Robert Scheck 2.11.8-1
- Upstream released 2.11.8 (#456637)

* Tue Jul 15 2008 Robert Scheck 2.11.7.1-1
- Upstream released 2.11.7.1 (#455520)

* Mon Jun 23 2008 Robert Scheck 2.11.7-1
- Upstream released 2.11.7 (#452497)

* Tue Apr 29 2008 Robert Scheck 2.11.6-1
- Upstream released 2.11.6

References

[1] Bug #492066 - phpMyAdmin: Insufficient output sanitizing when generating configuration file (PMASA-2009-3)
https://bugzilla.redhat.com/show_bug.cgi?id=492066

Update Instructions

To install this update, run su -c 'yum update phpMyAdmin' at the command line. For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/


Severity: critical

Product: Fedora 9
Version: 3.1.3.1
Release: 1.fc9
Summary: Web based MySQL browser written in php
