[Frugalware-security] [ FSA-751 ] phpmyadmin
Miklos Vajna
vmiklos at frugalware.org
Sun Feb 5 20:27:49 CET 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Frugalware Security Advisory FSA-751
Date: 2012-02-05
Package: phpmyadmin
Vulnerable versions: <= 3.4.8-1mores1
Unaffected versions: >= 3.4.9-1mores1
Related bugreport: https://bugs.frugalware.org/ticket/4643
CVE: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4780
Description
===========
Multiple cross-site scripting (XSS) vulnerabilities in libraries/display_export.lib.php in phpMyAdmin allow remote attackers to inject arbitrary web script or HTML via crafted URL parameters, related to the export panels in the (1) server, (2) database, and (3) table sections.
Updated Packages
================
Check if you have phpmyadmin installed:
# pacman-g2 -Q phpmyadmin
If found, then you should upgrade to the latest version:
# pacman-g2 -Sy phpmyadmin
Availability
============
The latest revision of this advisory is available at
http://frugalware.org/security/751
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info
iEYEARECAAYFAk8u2DUACgkQZ7NElSD1Vhlt8ACggmvnM5WHULGxYr20ax+HqIXp
DTgAoI1CZeBFEUUY2fJ/4zD+XyWWDti8
=QRS3
-----END PGP SIGNATURE-----
More information about the Frugalware-security
mailing list