Gentoo Archives: gentoo-announce

From: Tim Sammut <underling@g.o>
To: gentoo-announce@g.o
Cc: bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 201201-01 ] phpMyAdmin: Multiple vulnerabilities
Date: Wed, 04 Jan 2012 23:59:22
Message-Id: 4F04E66F.5070500@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201201-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: phpMyAdmin: Multiple vulnerabilities
     Date: January 04, 2012
     Bugs: #302745, #335490, #336462, #354227, #373951, #376369,
           #387413, #389427, #395715
       ID: 201201-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities were found in phpMyAdmin, the most severe of
which allows the execution of arbitrary PHP code.

Background
==========

phpMyAdmin is a web-based management tool for MySQL databases.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  dev-db/phpmyadmin            < 3.4.9                      >= 3.4.9

Description
===========

Multiple vulnerabilities have been discovered in phpMyAdmin. Please
review the CVE identifiers and phpMyAdmin Security Advisories
referenced below for details.

Impact
======

Remote attackers might be able to insert and execute PHP code, include
and execute local PHP files, or perform Cross-Site Scripting (XSS)
attacks via various vectors.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All phpMyAdmin users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-3.4.9"

References
==========

[ 1 ] CVE-2008-7251
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-7251
[ 2 ] CVE-2008-7252
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-7252
[ 3 ] CVE-2010-2958
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2958
[ 4 ] CVE-2010-3055
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3055
[ 5 ] CVE-2010-3056
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3056
[ 6 ] CVE-2010-3263
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3263
[ 7 ] CVE-2011-0986
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0986
[ 8 ] CVE-2011-0987
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0987
[ 9 ] CVE-2011-2505
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2505
[ 10 ] CVE-2011-2506
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2506
[ 11 ] CVE-2011-2507
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2507
[ 12 ] CVE-2011-2508
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2508
[ 13 ] CVE-2011-2642
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2642
[ 14 ] CVE-2011-2643
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2643
[ 15 ] CVE-2011-2718
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2718
[ 16 ] CVE-2011-2719
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2719
[ 17 ] CVE-2011-3646
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3646
[ 18 ] CVE-2011-4064
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4064
[ 19 ] CVE-2011-4107
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4107
[ 20 ] CVE-2011-4634
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4634
[ 21 ] CVE-2011-4780
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4780
[ 22 ] CVE-2011-4782
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4782
[ 23 ] PMASA-2010-1
       http://www.phpmyadmin.net/home_page/security/PMASA-2010-1.php
[ 24 ] PMASA-2010-2
       http://www.phpmyadmin.net/home_page/security/PMASA-2010-2.php
[ 25 ] PMASA-2010-4
       http://www.phpmyadmin.net/home_page/security/PMASA-2010-4.php
[ 26 ] PMASA-2010-5
       http://www.phpmyadmin.net/home_page/security/PMASA-2010-5.php
[ 27 ] PMASA-2010-6
       http://www.phpmyadmin.net/home_page/security/PMASA-2010-6.php
[ 28 ] PMASA-2010-7
       http://www.phpmyadmin.net/home_page/security/PMASA-2010-7.php
[ 29 ] PMASA-2011-1
       http://www.phpmyadmin.net/home_page/security/PMASA-2011-1.php
[ 30 ] PMASA-2011-10
       http://www.phpmyadmin.net/home_page/security/PMASA-2011-10.php
[ 31 ] PMASA-2011-11
       http://www.phpmyadmin.net/home_page/security/PMASA-2011-11.php
[ 32 ] PMASA-2011-12
       http://www.phpmyadmin.net/home_page/security/PMASA-2011-12.php
[ 33 ] PMASA-2011-15
       http://www.phpmyadmin.net/home_page/security/PMASA-2011-15.php
[ 34 ] PMASA-2011-16
       http://www.phpmyadmin.net/home_page/security/PMASA-2011-16.php
[ 35 ] PMASA-2011-17
       http://www.phpmyadmin.net/home_page/security/PMASA-2011-17.php
[ 36 ] PMASA-2011-18
       http://www.phpmyadmin.net/home_page/security/PMASA-2011-18.php
[ 37 ] PMASA-2011-19
       http://www.phpmyadmin.net/home_page/security/PMASA-2011-19.php
[ 38 ] PMASA-2011-2
       http://www.phpmyadmin.net/home_page/security/PMASA-2011-2.php
[ 39 ] PMASA-2011-20
       http://www.phpmyadmin.net/home_page/security/PMASA-2011-20.php
[ 40 ] PMASA-2011-5
       http://www.phpmyadmin.net/home_page/security/PMASA-2011-5.php
[ 41 ] PMASA-2011-6
       http://www.phpmyadmin.net/home_page/security/PMASA-2011-6.php
[ 42 ] PMASA-2011-7
       http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php
[ 43 ] PMASA-2011-8
       http://www.phpmyadmin.net/home_page/security/PMASA-2011-8.php
[ 44 ] PMASA-2011-9
       http://www.phpmyadmin.net/home_page/security/PMASA-2011-9.php

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201201-01.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
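
A check for the range in the "Affected packages" table, written here as an added example; it is not part of the advisory and not Gentoo's own tooling. It assumes Portage's installed-package database lives under /var/db/pkg, the function names are hypothetical, and the version comparison is a simplification of Portage's rules that handles dotted numeric versions, `-rN` revisions and `_alpha`/`_beta`/`_pre`/`_rc`/`_p` suffixes only.

```shell
#!/bin/sh
# Added example: classify installed dev-db/phpmyadmin versions against GLSA 201201-01.
FIXED="3.4.9"   # first unaffected version, from the "Affected packages" table

# Print -1, 0 or 1 for dotted numeric version $1 compared with $2.
num_cmp() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "$a" = "$x" ] && a= || a=${a#*.}
        [ "$b" = "$y" ] && b= || b=${b#*.}
        x=${x:-0}; y=${y:-0}          # a missing component counts as 0
        if [ "$x" -lt "$y" ]; then echo -1; return; fi
        if [ "$x" -gt "$y" ]; then echo 1; return; fi
    done
    echo 0
}

# Print vulnerable, unaffected or unknown for a Portage version string,
# e.g. 3.4.8-r1 or 3.4.9_rc1.
classify() {
    v=${1%-r[0-9]*}                   # drop the ebuild revision
    base=${v%%_*}                     # numeric part before any _suffix
    suffix=${v#"$base"}
    case $base in *[!0-9.]*|'') echo unknown; return ;; esac
    case $(num_cmp "$base" "$FIXED") in
        -1) echo vulnerable ;;
        1)  echo unaffected ;;
        0)  case $suffix in
                # pre-releases of 3.4.9 sort before 3.4.9 itself
                _alpha*|_beta*|_pre*|_rc*) echo vulnerable ;;
                *) echo unaffected ;;
            esac ;;
    esac
}

# List every installed phpMyAdmin version with its status.
# $1 = package database root (assumed default: /var/db/pkg).
scan_vdb() {
    for d in "${1:-/var/db/pkg}"/dev-db/phpmyadmin-[0-9]*; do
        [ -d "$d" ] || continue
        ver=${d##*/phpmyadmin-}
        echo "$ver $(classify "$ver")"
    done
}

scan_vdb
```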
