Detalji

Kod programskog paketa phpMyAdmin, inačice distribuirane s operacijskim sustavom Fedora 15, uočena je i ispravljena sigurnosna ranjivost. PhpMyAdmin je alat za administraciju MySQL baza podataka putem web sučelja. Prilikom uklanjanja datoteka README, ChangeLog i LICENSE, skripte za prikazivanje dotičnih datoteka mogu uzrokovati pojavu ranjivosti na određene napade prikazom potpune putanje do navedenih datoteka. Drugi propust je povezan uz funkciju "PMA_Bookmark_get", a moguće ga je iskoristiti za obilaženje pojedinih sigurnosnih ograničenja. Obzirom da su dostupne ispravljene inačice, korisnicima se savjetuje njihova pravovremena instalacija.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-1282
2011-02-11 00:04:14
--------------------------------------------------------------------------------

Name        : phpMyAdmin
Product     : Fedora 15
Version     : 3.3.9.2
Release     : 1.fc15
URL         : http://www.phpmyadmin.net/
Summary     : Web based MySQL browser written in php
Description :
phpMyAdmin is a tool written in PHP intended to handle the administration of
MySQL over the Web. Currently it can create and drop databases,
create/drop/alter tables, delete/edit/add fields, execute any SQL statement,
manage keys on fields, manage privileges, export data into various formats and
is available in over 55 languages.

--------------------------------------------------------------------------------
Update Information:

Changes for 3.3.9.1 (2011-02-08)

  * [security] Path disclosure, see PMASA-2011-1
  * http://www.phpmyadmin.net/home_page/security/PMASA-2011-1.php

Changes for 3.3.9.2 (2011-02-11)

  * [security] SQL injection, see PMASA-2011-2
  * http://www.phpmyadmin.net/home_page/security/PMASA-2011-2.php
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #676172 - phpMyAdmin-3.3.9.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=676172
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update phpMyAdmin' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce

Idi na vrh