*** This bug is a security vulnerability ***
Public security bug reported:
In Ubuntu 10.04.3 LTS (Release: 10.04), the following phpmyadmin package is
used: 4:3.3.2-1, published on 2010-04-16.
The maintainers of phpmyadmin report:
"[...]Versions 3.4.3.2 and 3.3.10.3 of phpMyAdmin close a total of four
security holes in the open source database administration tool. According to
the phpMyAdmin developers, the security releases address two "critical"
vulnerabilities that could lead to possible session manipulation in swekey
authentication or remote code execution. A "serious" bug that could allow an
attacker to perform a local file inclusion and a "minor" cross-site scripting
(XSS) hole have also been fixed.
Versions 3.4.3.1 and earlier are affected. The 2.11.x branch, which reached its
end of life earlier this month, is not affected by the session manipulation
hole, but may be affected by the others. All users are advised to update to the
latest versions. Alternatively, users can apply the provided patches.[...]"
See http://www.h-online.com/open/news/item/phpMyAdmin-updates-close-critical-security-holes-1285281.html
or the phpmyadmin project homepage:
http://sourceforge.net/mailarchive/message.php?msg_id=27840904
The new package should be merged.
Thank you all
** Affects: phpmyadmin (Ubuntu)
Importance: Undecided
Status: New
** Visibility changed to: Public
--
https://bugs.launchpad.net/bugs/823855
Title:
Package update because of security holes needed