Debian: New phppgadmin packages fix several vulnerabilities
Summary
Cross-site scripting vulnerability allows remote attackers to inject
arbitrary web script or HTML via the server parameter.
CVE-2007-5728
Cross-site scripting vulnerability allows remote attackers to inject
arbitrary web script or HTML via PHP_SELF.
CVE-2008-5587
Directory traversal vulnerability allows remote attackers to read
arbitrary files via _language parameter.
For the stable distribution (etch), these problems have been fixed in
version 4.0.1-3.1etch1.
For the unstable distribution (sid), these problems have been fixed in
version 4.2.1-1.1.
We recommend that you upgrade your phppgadmin package.
Upgrade instructions
- --------------------wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
Size/MD5 checksum: 703673 eedac65ce5d73aca2f92388c9766ba1b
Size/MD5 checksum: 890 e6dea463d597f6dda40d774820e3bb03
Size/MD5 checksum: 15678 1cbe0f619e65a8c49894e8c0fe015fb5
Architecture independent packages:
Size/MD5 checksum: 704386 1f5b68f6be269eb3c10646cd8d69c31c
These files will probably be moved into the stable distribution on
its next update.
For dpkg-ftp: dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org