CERT RENATER Advisories

Date : Thu, 17 Feb 2011 16:12:56 +0100
Type : VULN
Subject : CERT-Renater : 2011/VULN127 (Debian : phpmyadmin security update)
====================================================================
                                  CERT-Renater

                        Information Note No. 2011/VULN127
_____________________________________________________________________

DATE                      : 17/02/2011

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running phpmyadmin versions prior to 2.11.8.1-5+lenny8,
                             3.3.7-5, 3.3.9.2-1.

======================================================================
http://lists.debian.org/debian-security-announce/2011/msg00033.html
______________________________________________________________________

-------------------------------------------------------------------------
Debian Security Advisory DSA-2167-1                   security@debian.org
http://www.debian.org/security/                           Thijs Kinkhorst
February 16, 2011                      http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : phpmyadmin
Vulnerability  : sql injection
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-0987

It was discovered that phpMyAdmin, a tool to administer MySQL over
the web, when the bookmarks feature is enabled, allowed the creation of a
bookmarked query which would be executed unintentionally by other users.

For the oldstable distribution (lenny), this problem has been fixed in
version 4:2.11.8.1-5+lenny8.

For the stable distribution (squeeze), this problem has been fixed in
version 4:3.3.7-5.

For the testing distribution (wheezy) and unstable distribution (sid),
this problem has been fixed in version 4:3.3.9.2-1.

We recommend that you upgrade your phpmyadmin packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

======================================================================

          =========================================================
          CERT-Renater reference servers
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================