| Secunia Advisory: | SA26733 | |
| Release Date: | 2007-09-10 | |
| Critical: |  Less critical | |
| Impact: | Cross Site Scripting | |
| Where: | From remote | |
| Solution Status: | Vendor Patch | |
| OS: | Debian GNU/Linux 3.1 Debian GNU/Linux 4.0 Debian GNU/Linux unstable alias sid | |
| CVE reference: | CVE-2006-6942 (Secunia mirror) CVE-2006-6944 (Secunia mirror) CVE-2007-1325 (Secunia mirror) CVE-2007-1395 (Secunia mirror) CVE-2007-2245 (Secunia mirror) | |
Description
:
Debian has issued an update for phpmyadmin. This fixes some vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks.
For more information:
SA22969
SA24952
Solution:
Apply updated packages.
-- Debian GNU/Linux 3.1 alias sarge --
Source archives:
http://security.debian.org/pool/updat...pmyadmin/phpmyadmin_2.6.2-3sarge3.dsc
Size/MD5 checksum: 604 32ee16f4370604bc150d93c5676fface
http://security.debian.org/pool/updat...dmin/phpmyadmin_2.6.2-3sarge3.diff.gz
Size/MD5 checksum: 38520 f27c4b99bbdb3dc13fb71aef99749247
http://security.debian.org/pool/updat...pmyadmin/phpmyadmin_2.6.2.orig.tar.gz
Size/MD5 checksum: 2654418 05e33121984824c43d94450af3edf267
Architecture independent components:
http://security.debian.org/pool/updat...dmin/phpmyadmin_2.6.2-3sarge3_all.deb
Size/MD5 checksum: 2769182 00f14fb52a14546e92ece84c16cd249f
-- Debian GNU/Linux 4.0 alias etch --
Source archives:
http://security.debian.org/pool/updat...p/phpmyadmin/phpmyadmin_2.9.1.1-4.dsc
Size/MD5 checksum: 1011 26baccf88fa7d3b00f4802e46d8d0053
http://security.debian.org/pool/updat...pmyadmin/phpmyadmin_2.9.1.1-4.diff.gz
Size/MD5 checksum: 46886 0f377a70b327c65f53ff6895856d18d6
http://security.debian.org/pool/updat...yadmin/phpmyadmin_2.9.1.1.orig.tar.gz
Size/MD5 checksum: 3500563 f598509b308bf96aee836eb2338f523c
Architecture independent components:
http://security.debian.org/pool/updat...pmyadmin/phpmyadmin_2.9.1.1-4_all.deb
Size/MD5 checksum: 3605594 05f19efce1cb5b31a8f1161a01dbe158
-- Debian GNU/Linux unstable alias sid --
Fixed in version 2.10.1-1.
Original Advisory:
http://www.us.debian.org/security/2007/dsa-1370
Other References:
SA22969:
http://secunia.com/advisories/22969/
SA24952:
http://secunia.com/advisories/24952/
資料來源 http://secunia.com/advisories/26733/
留言列表
