DSA-2034-1 phpmyadmin -- severalID: oval:org.secpod.oval:def:600049 | Date: (C)2011-01-28 (M)2022-10-10 |
Class: PATCH | Family: unix |
Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-7251 phpMyAdmin may create a temporary directory, if the configured directory does not exist yet, with insecure filesystem permissions. CVE-2008-7252 phpMyAdmin uses predictable filenames for temporary files, which may lead to a local denial of service attack or privilege escalation. CVE-2009-4605 The setup.php script shipped with phpMyAdmin may unserialize untrusted data, allowing for cross site request forgery. For the stable distribution , these problems have been fixed in version phpmyadmin 2.11.8.1-5+lenny4. For the unstable distribution , these problems have been fixed in version 3.2.4-1. We recommend that you upgrade your phpmyadmin package.