Debian 4:2.9.1.1-6 Moderate: phpMyAdmin Cross-Site Scripting Issue
debian
November 8, 2007
Omer Singer of the DigiTrust Group discovered several vulnerabilities in
phpMyAdmin, an application to administrate MySQL over the WWW
Summary
phpMyAdmin allows a remote attacker to inject arbitrary web script
or HTML in the context of a logged in user's session (cross site
scripting).
CVE-2007-5386
phpMyAdmin, when accessed by a browser that does not URL-encode
requests, allows remote attackers to inject arbitrary web script
or HTML via the query string.
For the old stable distribution (sarge) this problem has been fixed in
version 4:2.6.2-3sarge6.
For the stable distribution (etch) this problem has been fixed in
version 4:2.9.1.1-6.
For the unstable distribution (sid) this problem has been fixed in
version 4:2.11.1.2-1.
We recommend that you upgrade your phpmyadmin package.
Upgrade Instructions
- --------------------wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
...
PREVIOUS
NEXT
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!