[gentoo-announce] [ GLSA 201311-02 ] phpMyAdmin: Multiple vulnerabilities - gentoo-announce

From:	Sergey Popov <pinkbyte@g.o>
To:	gentoo-announce@g.o
Subject:	[gentoo-announce] [ GLSA 201311-02 ] phpMyAdmin: Multiple vulnerabilities
Date:	Mon, 04 Nov 2013 12:01:40
Message-Id:	`52778B11.6030401@gentoo.org`

1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

2

Gentoo Linux Security Advisory                           GLSA 201311-02

3

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

4

                                            http://security.gentoo.org/

5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

6

7

 Severity: Normal

8

    Title: phpMyAdmin: Multiple vulnerabilities

9

     Date: November 04, 2013

10

     Bugs: #465420, #467080, #478696, #479870

11

       ID: 201311-02

12

13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

14

15

Synopsis

16

========

17

18

Multiple vulnerabilities have been found in phpMyAdmin, allowing remote

19

authenticated attackers to execute arbitrary code, inject SQL code or

20

conduct other attacks.

21

22

Background

23

==========

24

25

phpMyAdmin is a web-based management tool for MySQL databases.

26

27

Affected packages

28

=================

29

30

    -------------------------------------------------------------------

31

     Package              /     Vulnerable     /            Unaffected

32

    -------------------------------------------------------------------

33

  1  dev-db/phpmyadmin            < 4.0.5                    >= 4.0.5

34

35

Description

36

===========

37

38

Multiple vulnerabilities have been discovered in phpMyAdmin. Please

39

review the CVE identifiers referenced below for details.

40

41

Impact

42

======

43

44

A remote authenticated attacker could exploit these vulnerabilities to

45

execute arbitrary code with the privileges of the process running

46

phpMyAdmin, inject SQL code, or to conduct Cross-Site Scripting and

47

Clickjacking attacks.

48

49

Workaround

50

==========

51

52

There is no known workaround at this time.

53

54

Resolution

55

==========

56

57

All phpMyAdmin users should upgrade to the latest version:

58

59

  # emerge --sync

60

  # emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-4.0.5"

61

62

References

63

==========

64

65

[  1 ] CVE-2013-1937

66

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1937

67

[  2 ] CVE-2013-3238

68

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3238

69

[  3 ] CVE-2013-3239

70

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3239

71

[  4 ] CVE-2013-4995

72

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4995

73

[  5 ] CVE-2013-4996

74

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4996

75

[  6 ] CVE-2013-4997

76

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4997

77

[  7 ] CVE-2013-4998

78

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4998

79

[  8 ] CVE-2013-4999

80

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4999

81

[  9 ] CVE-2013-5000

82

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5000

83

[ 10 ] CVE-2013-5001

84

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5001

85

[ 11 ] CVE-2013-5002

86

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5002

87

[ 12 ] CVE-2013-5003

88

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5003

89

[ 13 ] CVE-2013-5029

90

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5029

91

92

Availability

93

============

94

95

This GLSA and any updates to it are available for viewing at

96

the Gentoo Security Website:

97

98

 http://security.gentoo.org/glsa/glsa-201311-02.xml

99

100

Concerns?

101

=========

102

103

Security is a primary focus of Gentoo Linux and ensuring the

104

confidentiality and security of our users' machines is of utmost

105

importance to us. Any security concerns should be addressed to

106

security@g.o or alternatively, you may file a bug at

107

https://bugs.gentoo.org.

108

109

License

110

=======

111

112

Copyright 2013 Gentoo Foundation, Inc; referenced text

113

belongs to its owner(s).

114

115

The contents of this document are licensed under the

116

Creative Commons - Attribution / Share Alike license.

117

118

http://creativecommons.org/licenses/by-sa/2.5

Gentoo Archives: gentoo-announce

Attachments

1	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2	Gentoo Linux Security Advisory GLSA 201311-02
3	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4	http://security.gentoo.org/
5	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7	Severity: Normal
8	Title: phpMyAdmin: Multiple vulnerabilities
9	Date: November 04, 2013
10	Bugs: #465420, #467080, #478696, #479870
11	ID: 201311-02
12
13	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15	Synopsis
16	========
17
18	Multiple vulnerabilities have been found in phpMyAdmin, allowing remote
19	authenticated attackers to execute arbitrary code, inject SQL code or
20	conduct other attacks.
21
22	Background
23	==========
24
25	phpMyAdmin is a web-based management tool for MySQL databases.
26
27	Affected packages
28	=================
29
30	-------------------------------------------------------------------
31	Package / Vulnerable / Unaffected
32	-------------------------------------------------------------------
33	1 dev-db/phpmyadmin < 4.0.5 >= 4.0.5
34
35	Description
36	===========
37
38	Multiple vulnerabilities have been discovered in phpMyAdmin. Please
39	review the CVE identifiers referenced below for details.
40
41	Impact
42	======
43
44	A remote authenticated attacker could exploit these vulnerabilities to
45	execute arbitrary code with the privileges of the process running
46	phpMyAdmin, inject SQL code, or to conduct Cross-Site Scripting and
47	Clickjacking attacks.
48
49	Workaround
50	==========
51
52	There is no known workaround at this time.
53
54	Resolution
55	==========
56
57	All phpMyAdmin users should upgrade to the latest version:
58
59	# emerge --sync
60	# emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-4.0.5"
61
62	References
63	==========
64
65	[ 1 ] CVE-2013-1937
66	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1937
67	[ 2 ] CVE-2013-3238
68	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3238
69	[ 3 ] CVE-2013-3239
70	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3239
71	[ 4 ] CVE-2013-4995
72	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4995
73	[ 5 ] CVE-2013-4996
74	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4996
75	[ 6 ] CVE-2013-4997
76	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4997
77	[ 7 ] CVE-2013-4998
78	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4998
79	[ 8 ] CVE-2013-4999
80	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4999
81	[ 9 ] CVE-2013-5000
82	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5000
83	[ 10 ] CVE-2013-5001
84	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5001
85	[ 11 ] CVE-2013-5002
86	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5002
87	[ 12 ] CVE-2013-5003
88	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5003
89	[ 13 ] CVE-2013-5029
90	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5029
91
92	Availability
93	============
94
95	This GLSA and any updates to it are available for viewing at
96	the Gentoo Security Website:
97
98	http://security.gentoo.org/glsa/glsa-201311-02.xml
99
100	Concerns?
101	=========
102
103	Security is a primary focus of Gentoo Linux and ensuring the
104	confidentiality and security of our users' machines is of utmost
105	importance to us. Any security concerns should be addressed to
106	security@g.o or alternatively, you may file a bug at
107	https://bugs.gentoo.org.
108
109	License
110	=======
111
112	Copyright 2013 Gentoo Foundation, Inc; referenced text
113	belongs to its owner(s).
114
115	The contents of this document are licensed under the
116	Creative Commons - Attribution / Share Alike license.
117
118	http://creativecommons.org/licenses/by-sa/2.5