-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : phpmyadmin Version : 4:3.4.11.1-2+deb7u8 CVE ID : CVE-2016-6621
A server-side request forgery vulnerability was reported for the setup script in phpmyadmin, a MYSQL web administration tool. This flaw may allow an unauthenticated attacker to brute-force MYSQL passwords, detect internal hostnames or opened ports on the internal network. Additionally there was a race condition between writing configuration and administrator moving it allowing unauthenticated users to read or alter it. Debian users who configured phpmyadmin via debconf and used the default configuration for Apache 2 or Lighttpd were never affected. For Debian 7 "Wheezy", these problems have been fixed in version 4:3.4.11.1-2+deb7u8. We recommend that you upgrade your phpmyadmin packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAliv0/FfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeTDPw/+KbrkizW1UEZuQKmuADSd01lFZAs0TZG/XDh0FHnKc4Tgv3JcX+VlEx+a PRQ0hDqFwZPHCnMiR+ERmnnjo7yqGkrPubgGkcF1x8+HZSPQoYSEQagPZ/paMS+p 9hkgfXZcBEF5Kzwy36ObOA9kfXuYsfLNR6MrviLjqCLhVLq6R32nBsTLNTKS5ccD LQxds24Ciilj6TiaELC/TRBWwBGIgvxUiFI6ot02mtfqE5BTvFw4q8GIGqaAYPHa 6vkDbrxI88HpvjlntcD65/yFvzeWPQwzTu0NGpES1ZnF1U5IEL5yyI12wnUlKyZ7 W9Zv+e8vgES7w2RtxADUCiCQ/aFPke0XnJqgVpxip4+raasczm0E7l6/9ZR5naVo caRtoP6nw8KmmNNVlltfoK89LViuLvQAMXMPQ0gPaNNn4JActeCnlVXaA+VbmEsi 6ZmDNw6rqeHu9ndExKyEy1JkWlunHJC0p9f3/S3uNOz0eNPTorviLQPI+vsqK/PW yRragKI5UKk8cU37g7baWeGDs48Sd9AD9J5QX+MhJvMb/xNQ1CIIPzcJyhw40N2j ujeoCJeoNZckMawVrqKQDsF0QiTuXNAM981jNXmh1AJ1HO0fFjH+04Ju1t1tM5fG HgqXefBU2HAP8jnh09pSJSvTivq1P+yyavD+C9ztxS1rAQ1Un4s= =SRKo -----END PGP SIGNATURE-----
