Bug 743205 (CVE-2011-3598)

Summary: CVE-2011-3598 phpPgAdmin: Multiple XSS flaws fixed in v5.0.3
Product: [Other] Security Response Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: devrim, dyoung, john.julien.qso5, vdanen
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 743207    
Bug Blocks:    

Description Jan Lieskovsky 2011-10-04 08:27:08 UTC
Multiple cross-site scripting (XSS) flaws were reported in phpPgAdmin:
1) the 'title' argument of a particular web page was not sanitized properly
   prior displaying the page header,
2) the return ULR ('return_url') and return link name ('return_desc') were
   not sanitized properly prior displaying the requested page data.

A remote attacker could provide a specially-crafted URL, which once visited by an unsuspecting phpPgAdmin user could lead to arbitrary HTML or web script execution.

References:
[1] https://secunia.com/advisories/46248/
[2] https://bugs.gentoo.org/show_bug.cgi?id=385505
[3] http://phppgadmin.sourceforge.net/doku.php?id=download
[4] http://sourceforge.net/mailarchive/forum.php?thread_name=4E897F6C.90905%40free.fr&forum_name=phppgadmin-news

Upstream patch:
[5] https://github.com/phppgadmin/phppgadmin/commit/1df248203de055f97e092b50b1dd9643ccb73842

Comment 1 Jan Lieskovsky 2011-10-04 08:32:05 UTC
CVE Request:
[6] http://www.openwall.com/lists/oss-security/2011/10/04/1

Comment 2 Jan Lieskovsky 2011-10-04 08:34:53 UTC
The following phpPgAdmin package updates have been scheduled to correct these flaws
in particular releases of Fedora and in the following EPEL repositories versions:
1) phpPgAdmin-5.0.3-1.fc15 for Fedora-15,
2) phpPgAdmin-5.0.3-1.fc14 for Fedora-14,
3) phpPgAdmin-5.0.3-1.el5 for EPEL-5,
4) phpPgAdmin-5.0.3-1.el6 for EPEL-6.

Once the updates have passed the required level of testing, they will be pushed to the -stable repositories.

Comment 3 Jan Lieskovsky 2011-10-04 08:42:38 UTC
These issues affect the version of the phpPgAdmin package, as present within EPEL-4 repository. Please schedule an update with the correction.

Comment 4 Jan Lieskovsky 2011-10-04 08:43:50 UTC
Created phpPgAdmin tracking bugs for this issue

Affects: epel-4 [bug 743207]

Comment 5 Devrim Gündüz 2011-10-04 14:51:25 UTC
I just pushed all releases.

Comment 6 Vincent Danen 2011-10-04 19:19:25 UTC
This issue has been assigned the name CVE-2011-3598:

http://www.openwall.com/lists/oss-security/2011/10/04/10

Comment 7 Jan Lieskovsky 2011-10-05 09:50:20 UTC
(In reply to comment #5)
> I just pushed all releases.

Thanks Devrim, appreciated.

Comment 8 Jan Lieskovsky 2011-10-05 09:55:36 UTC
The complete list of phpPgAdmin package updates, which contain fix for these issues:
1) phpPgAdmin-5.0.3-1.fc14,
2) phpPgAdmin-5.0.3-1.fc15,
3) phpPgAdmin-5.0.3-1.fc16,
4) phpPgAdmin-5.0.3-1.el4,
5) phpPgAdmin-5.0.3-1.el5,
6) phpPgAdmin-5.0.3-1.el6.

Comment 9 Fedora Update System 2011-10-13 00:51:24 UTC
phpPgAdmin-5.0.3-1.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 10 Fedora Update System 2011-10-13 00:51:56 UTC
phpPgAdmin-5.0.3-1.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 11 Fedora Update System 2011-10-13 04:38:36 UTC
phpPgAdmin-5.0.3-1.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 12 Fedora Update System 2011-10-24 15:38:20 UTC
phpPgAdmin-5.0.3-1.el4 has been pushed to the Fedora EPEL 4 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 13 Fedora Update System 2011-10-24 15:38:44 UTC
phpPgAdmin-5.0.3-1.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 14 Fedora Update System 2011-10-24 15:39:08 UTC
phpPgAdmin-5.0.3-1.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 15 Dan Young 2011-10-27 17:10:38 UTC
Please note that phpPgAdmin ≥ 5.0 requires PHP version 5, which is not present in EL4. The update in the EPEL 4 repository breaks those EL4 installs.