[SECURITY] Fedora 7 Update: phpMyAdmin-2.11.2.2-1.fc7
updates at fedoraproject.org
updates at fedoraproject.org
Thu Nov 22 03:37:27 UTC 2007
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-3666
2007-11-22 03:37:18.238627
--------------------------------------------------------------------------------
Name : phpMyAdmin
Product : Fedora 7
Version : 2.11.2.2
Release : 1.fc7
URL : http://www.phpmyadmin.net/
Summary : Web based MySQL browser written in php
Description :
phpMyAdmin is a tool written in PHP intended to handle the administration of
MySQL over the Web. Currently it can create and drop databases,
create/drop/alter tables, delete/edit/add fields, execute any SQL statement,
manage keys on fields, manage privileges,export data into various formats and
is available in 50 languages
--------------------------------------------------------------------------------
Update Information:
The login page (auth_type cookie) was vulnerable to XSS via the convcharset parameter (PMASA-2007-8).
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 21 2007 Robert Scheck <robert at fedoraproject.org> 2.11.2.2-1
- Upstream released 2.11.2.2 (#393771)
* Tue Nov 20 2007 Mike McGrath <mmcgrath at redhat.com> 2.11.2.1-1
- Upstream released new version
* Mon Oct 29 2007 Mike McGrath <mmcgrath at redhat.com> 2.11.2-1
* upstream released new version
* Mon Oct 22 2007 Mike McGrath <mmcgrath at redhat.com> 2.11.1.2-1
* upstream released new version
* Thu Sep 6 2007 Mike McGrath <mmcgrath at redhat.com> 2.11.0-1
- Upstream released new version
- Altered sources file as required
- Added proper license
* Mon Jul 23 2007 Mike McGrath <mmcgrath at redhat.com> 2.10.3-1
- Upstream released new version
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #333661 - phpMyAdmin 2.11.1.2 is released (fixes CVE-2007-5386, CVE-2007-5589)
https://bugzilla.redhat.com/show_bug.cgi?id=333661
[ 2 ] Bug #356291 - phpMyAdmin 2.11.2 is released
https://bugzilla.redhat.com/show_bug.cgi?id=356291
[ 3 ] Bug #393771 - phpMyAdmin 2.11.2.2 is released
https://bugzilla.redhat.com/show_bug.cgi?id=393771
[ 4 ] Bug #385891 - CVE-2007-5976 CVE-2007-5977 phpMyAdmin multiple vulnerabilities [f7]
https://bugzilla.redhat.com/show_bug.cgi?id=385891
[ 5 ] Bug #385881 - CVE-2007-5976 db_create SQL Injection
https://bugzilla.redhat.com/show_bug.cgi?id=385881
[ 6 ] Bug #385921 - CVE-2007-5977 XSS in db_create
https://bugzilla.redhat.com/show_bug.cgi?id=385921
--------------------------------------------------------------------------------
Updated packages:
09480ab0ccfc52b2dbca7b8b653c019073f05a1d phpMyAdmin-2.11.2.2-1.fc7.noarch.rpm
7889835f99bbb18be4f5aa4c8a3cb0c85959ea15 phpMyAdmin-2.11.2.2-1.fc7.src.rpm
This update can be installed with the "yum" update program. Use
su -c 'yum update phpMyAdmin'
at the command line. For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------
More information about the Fedora-package-announce
mailing list