[Frugalware-security] [ FSA-751 ] phpmyadmin

Miklos Vajna vmiklos at frugalware.org
Sun Feb 5 20:27:49 CET 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                           FSA-751

Date: 2012-02-05
Package: phpmyadmin
Vulnerable versions: <= 3.4.8-1mores1
Unaffected versions: >= 3.4.9-1mores1
Related bugreport: https://bugs.frugalware.org/ticket/4643
CVE: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4780

Description
===========

Multiple cross-site scripting (XSS) vulnerabilities in libraries/display_export.lib.php in phpMyAdmin allow remote attackers to inject arbitrary web script or HTML via crafted URL parameters, related to the export panels in the (1) server, (2) database, and (3) table sections.

Updated Packages
================

Check if you have phpmyadmin installed:

	# pacman-g2 -Q phpmyadmin

If found, then you should upgrade to the latest version:

	# pacman-g2 -Sy phpmyadmin

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/751

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAk8u2DUACgkQZ7NElSD1Vhlt8ACggmvnM5WHULGxYr20ax+HqIXp
DTgAoI1CZeBFEUUY2fJ/4zD+XyWWDti8
=QRS3
-----END PGP SIGNATURE-----


More information about the Frugalware-security mailing list