[Frugalware-security] [ FSA-55 ] phpmyadmin

voroskoi noreply at frugalware.org
Thu Nov 23 21:54:13 CET 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                           FSA-55

Date: 2006-11-23
Package: phpmyadmin
Vulnerable versions: <= 2.9.1_rc1-1siwenna1
Unaffected versions: >= 2.9.1.1-1siwenna1
Related bugreport: http://bugs.frugalware.org/task/1417
			http://bugs.frugalware.org/task/1469
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5718

Description
===========

Input containing UTF-7 encoded characters passed to the script which displays error messages is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Three other security issues were fixed too; see http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-{7,8,9} for details.

Updated Packages
================

Check if you have phpmyadmin installed:

	# pacman -Q phpmyadmin

If found, then you should upgrade to the latest version:

	# pacman -Sy phpmyadmin

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFZgp1Z7NElSD1VhkRAoJnAKCQ5Dh0RlMfmQyadc1V98RH2BVpqQCglFsp
mtvOs1u7oGe3XlPARi3VYSs=
=BD5c
-----END PGP SIGNATURE-----
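
Added example (not part of the signed advisory and not phpMyAdmin's code): a Python illustration of the issue in the Description, showing that HTML-escaping leaves UTF-7 encoded input untouched when the response declares no charset, next to a general mitigation (explicit charset, '+' encoded). The function names and the sample string are constructed for illustration, and the mitigation is not taken from the phpMyAdmin patch.

```python
import html
import re

# A UTF-7 shifted run: '+', modified-base64 characters, optional closing '-'.
UTF7_RUN = re.compile(r"\+[A-Za-z0-9+/]+-?")
HTML_META = set("<>\"'&")

# Constructed sample input: the UTF-7 encoding of the harmless markup <b>x</b>.
SAMPLE = "Unknown table +ADw-b+AD4-x+ADw-/b+AD4-"


def utf7_view(text):
    """Return what a client that treats the response as UTF-7 would parse."""
    return text.encode("ascii", "replace").decode("utf-7", "replace")


def naive_error_page(message):
    """Weak pattern: metacharacters are escaped, but no charset is declared."""
    headers = {"Content-Type": "text/html"}
    return headers, "<p>" + html.escape(message) + "</p>"


def hardened_error_page(message):
    """Declare the charset so the client never guesses, and encode '+' too."""
    headers = {"Content-Type": "text/html; charset=utf-8"}
    body = "<p>" + html.escape(message).replace("+", "&#43;") + "</p>"
    return headers, body


def hides_markup(message):
    """Detection helper: does any UTF-7 run decode to an HTML metacharacter?"""
    return any(HTML_META & set(utf7_view(run)) for run in UTF7_RUN.findall(message))


if __name__ == "__main__":
    for page in (naive_error_page, hardened_error_page):
        headers, body = page(SAMPLE)
        print(page.__name__, headers["Content-Type"])
        print("  as sent    :", body)
        print("  UTF-7 view :", utf7_view(body))
    print("hides_markup:", hides_markup(SAMPLE), hides_markup("2+2 equals 4"))
```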

