DSA-1824-1 phpmyadmin -- several
ID: oval:org.secpod.oval:def:600355 | Date: (C)2011-05-13 (M)2022-10-10 |
Class: PATCH | Family: unix |
Several remote vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2009-1150: A cross-site scripting vulnerability in the export page allows an attacker who can place crafted cookies with the user to inject arbitrary web script or HTML.

CVE-2009-1151: Static code injection allows a remote attacker to inject arbitrary code into phpMyAdmin via the setup.php script. Under normal circumstances, this script is protected in Debian via Apache authentication. However, because of a recent worm based on this exploit, we are patching it regardless, to also protect installations that somehow still expose the setup.php script.

For the old stable distribution, these problems have been fixed in version 2.9.1.1-11.

For the stable distribution, these problems have been fixed in version 2.11.8.1-5+lenny1.

For the unstable distribution, these problems have been fixed in version 3.1.3.1-1.

We recommend that you upgrade your phpmyadmin package.
Platform: Debian 5.0 | Debian 4.0 |