Thank you merci Le Mer 27 Fév 2019 14:58, Sylvain Beucler <[email protected]> a écrit :
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > Package : phpmyadmin > Version : 4:4.2.12-2+deb8u5 > CVE ID : CVE-2019-6799 > Debian Bug : 920823 > > > An information leak issue was discovered in phpMyAdmin. An attacker > can read any file on the server that the web server's user can > access. This is related to the mysql.allow_local_infile PHP > configuration. When the AllowArbitraryServer configuration setting is > set to false (default), the attacker needs a local MySQL account. When > set to true, the attacker can exploit this with the use of a rogue > MySQL server. > > For Debian 8 "Jessie", this problem has been fixed in version > 4:4.2.12-2+deb8u5. > > We recommend that you upgrade your phpmyadmin packages. > > Further information about Debian LTS security advisories, how to apply > these updates to your system and frequently asked questions can be > found at: https://wiki.debian.org/LTS > -----BEGIN PGP SIGNATURE----- > > iQEzBAEBCgAdFiEEQic8GuN/xDR88HkSj/HLbo2JBZ8FAlx2ll4ACgkQj/HLbo2J > BZ9uwwgAioP4kzTcsHE2yIA4ZdW96aszHsyv8vqReg+ir4MtRodhRvlA/tAszdz2 > ov0DThc43uUEGBYCASpUYY8r5lD8EeCLLKkrZwanW4zvNF7m4few4JwfvZoWIMRw > PeB1mnkSF7dg0qPC+4OLRuaYgfyMeLSDIVJbmNlFfUYxK/0t1XvqTBUpPupgjPnv > uZw8OJzhjdaq5R/FaCR+gs5fD9f3CNy4lKPoGv0MVOCqaMW/2/AqvIEMTkjbNDmp > hzQfS/n8k5FPkfev8KfBaWBDn+y78FbZZQ81oqwzK5bRyyU2PMa8SnJldJgITOo7 > oq2uNscdwfJnhTpIvbPfxKCrSFJ5kQ== > =CJqr > -----END PGP SIGNATURE----- > >
