A cross-site scripting (XSS) vulnerability has been discovered in the phpPgAdmin software package. A remote attacker can exploit it to inject arbitrary script code into pages served by the application and to obtain sensitive authentication information belonging to the user who views the injected page.
Package:
phpPgAdmin 5.x
Operating systems:
Fedora 14, Fedora 15, Fedora 16
Severity:
3.7
Problem:
insufficient input validation, XSS
Exploitation:
remote
Consequence:
disclosure of sensitive information, injection of HTML and script code
Solution:
vendor update (phpPgAdmin 5.0.3)
CVE:
CVE-2011-3598
Original advisory ID:
FEDORA-2011-13748
Source:
Fedora
Problem:
The vulnerability is a cross-site scripting flaw caused by insufficient validation of user-supplied input in the scripts Misc.php and display.php.
Consequence:
A remote attacker can exploit the flaw with a specially crafted URL whose return_url and return_desc parameters carry script code. When a user who is logged in to phpPgAdmin opens that URL, the injected script runs in the user's browser within the phpPgAdmin session, and the attacker can use it to harvest sensitive authentication information of that user.
Solution:
Upgrading to the latest version, in which the described flaw has been fixed, is recommended; the Fedora updates below ship phpPgAdmin 5.0.3.
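The pattern behind this class of flaw, as an added example that is not phpPgAdmin's own code: the advisory names only the affected scripts (Misc.php, display.php) and parameters (return_url, return_desc), so the assumed shape of a "return" link built from those two parameters, the function names and the payloads below are illustrative. The hardened version does two things the vulnerable one does not: it HTML-escapes both values with htmlspecialchars using ENT_QUOTES, and it restricts return_url to a relative reference to an application script, because escaping alone would still leave a javascript: URL in href clickable.

```php
<?php
// Added illustration, not phpPgAdmin's own code. The request array is passed in
// instead of reading $_GET directly so the functions can be exercised offline.

// Vulnerable shape: both parameters land in the HTML verbatim, so return_desc
// can carry markup and return_url can break out of the attribute or use a
// javascript: scheme.
function render_return_link_vulnerable(array $get): string
{
    $url  = $get['return_url']  ?? 'display.php';
    $desc = $get['return_desc'] ?? 'Back';
    return "<a href=\"$url\">$desc</a>";
}

// Accept only a relative reference to a script in the application itself
// (e.g. "display.php?table=foo"). Anything with a scheme or host, a leading
// slash, or characters outside printable ASCII falls back to a safe default.
function safe_return_url(string $url, string $fallback = 'display.php'): string
{
    return preg_match('/\A[a-z_]+\.php(\?[\x21-\x7e]*)?\z/', $url) === 1
        ? $url
        : $fallback;
}

// Hardened shape: validate the URL, then HTML-escape both values. ENT_QUOTES
// covers single and double quotes so the href attribute cannot be closed early;
// ENT_SUBSTITUTE keeps invalid UTF-8 from silently emptying the output.
function render_return_link_hardened(array $get): string
{
    $url  = safe_return_url((string) ($get['return_url'] ?? ''));
    $desc = (string) ($get['return_desc'] ?? 'Back');
    $esc  = static fn (string $s): string =>
        htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="' . $esc($url) . '">' . $esc($desc) . '</a>';
}

// Constructed request of the kind the advisory describes: a crafted link the
// victim is lured into opening while logged in.
$crafted = [
    'return_url'  => 'javascript:alert(document.cookie)',
    'return_desc' => '<img src=x onerror="alert(document.cookie)">',
];

echo render_return_link_vulnerable($crafted), PHP_EOL;
echo render_return_link_hardened($crafted), PHP_EOL;

// A legitimate value passes the validation unchanged.
$legit = ['return_url' => 'display.php?table=users', 'return_desc' => 'Back'];
echo render_return_link_hardened($legit), PHP_EOL;
```

Run it with `php` on the command line: the first line printed shows the payload reaching the page intact, the second shows the same request rendered inert (the image tag escaped as text, the javascript: URL replaced by the fallback), and the third shows that a normal return link is untouched. Output encoding is context-specific: htmlspecialchars is the right tool for text and attribute values, while a value that becomes a URL needs validation as above or percent-encoding, and a value placed inside a script block needs JSON encoding instead.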
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-13748
2011-10-04 20:39:54
--------------------------------------------------------------------------------
Name : phpPgAdmin
Product : Fedora 16
Version : 5.0.3
Release : 1.fc16
URL : http://phppgadmin.sourceforge.net/
Summary : Web-based PostgreSQL administration
Description :
phpPgAdmin is a fully functional web-based administration utility for
a PostgreSQL database server. It handles all the basic functionality
as well as some advanced features such as triggers, views and
functions (stored procedures). It also has Slony-I support.
--------------------------------------------------------------------------------
Update Information:
* Update to 5.0.3, per changes described at:
http://sourceforge.net/mailarchive/forum.php?thread_name=4E897F6C.90905%40free.fr&forum_name=phppgadmin-news
which also fixes a security flaw:
http://www.openwall.com/lists/oss-security/2011/10/04/1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #743205 - CVE-2011-3598 phpPgAdmin: Multiple XSS flaws fixed in v5.0.3
https://bugzilla.redhat.com/show_bug.cgi?id=743205
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update phpPgAdmin' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-13801
2011-10-05 03:11:46
--------------------------------------------------------------------------------
Name : phpPgAdmin
Product : Fedora 15
Version : 5.0.3
Release : 1.fc15
URL : http://phppgadmin.sourceforge.net/
Summary : Web-based PostgreSQL administration
Description :
phpPgAdmin is a fully functional web-based administration utility for
a PostgreSQL database server. It handles all the basic functionality
as well as some advanced features such as triggers, views and
functions (stored procedures). It also has Slony-I support.
--------------------------------------------------------------------------------
Update Information:
* Update to 5.0.3, per changes described at:
http://sourceforge.net/mailarchive/forum.php?thread_name=4E897F6C.90905%40free.fr&forum_name=phppgadmin-news
which also fixes a security flaw:
http://www.openwall.com/lists/oss-security/2011/10/04/1
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 3 2011 Devrim Gunduz 5.0.3-1
- Update to 5.0.3, per changes described at:
http://sourceforge.net/mailarchive/forum.php?thread_name=4E897F6C.90905%40free.fr&forum_name=phppgadmin-news
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #743205 - CVE-2011-3598 phpPgAdmin: Multiple XSS flaws fixed in v5.0.3
https://bugzilla.redhat.com/show_bug.cgi?id=743205
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update phpPgAdmin' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-13805
2011-10-05 03:11:57
--------------------------------------------------------------------------------
Name : phpPgAdmin
Product : Fedora 14
Version : 5.0.3
Release : 1.fc14
URL : http://phppgadmin.sourceforge.net/
Summary : Web-based PostgreSQL administration
Description :
phpPgAdmin is a fully functional web-based administration utility for
a PostgreSQL database server. It handles all the basic functionality
as well as some advanced features such as triggers, views and
functions (stored procedures). It also has Slony-I support.
--------------------------------------------------------------------------------
Update Information:
* Update to 5.0.3, per changes described at:
http://sourceforge.net/mailarchive/forum.php?thread_name=4E897F6C.90905%40free.fr&forum_name=phppgadmin-news
which also fixes a security flaw:
http://www.openwall.com/lists/oss-security/2011/10/04/1
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 3 2011 Devrim Gunduz 5.0.3-1
- Update to 5.0.3, per changes described at:
http://sourceforge.net/mailarchive/forum.php?thread_name=4E897F6C.90905%40free.fr&forum_name=phppgadmin-news
* Wed Apr 27 2011 Devrim Gunduz 5.0.2-1
- Update to 5.0.2, which also fixes bz #689394
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #743205 - CVE-2011-3598 phpPgAdmin: Multiple XSS flaws fixed in v5.0.3
https://bugzilla.redhat.com/show_bug.cgi?id=743205
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update phpPgAdmin' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce