phpMyAdmin upstream has released new versions 3.2.2.1 and 2.11.9.6, fixing XSS and SQL injection issues.
References:
-----------
http://www.phpmyadmin.net/home_page/news.php#phpMyAdmin_3.2.2.1_and_2.11.9.6_are_released
http://www.phpmyadmin.net/home_page/downloads.php
http://dfn.dl.sourceforge.net/project/phpmyadmin/phpMyAdmin/3.2.2.1/phpMyAdmin-3.2.2.1-notes.html
http://dfn.dl.sourceforge.net/project/phpmyadmin/phpMyAdmin/2.11.9.6/phpMyAdmin-2.11.9.6-notes.html
http://www.phpmyadmin.net/home_page/security/ (PMASA-2009-6 not published yet)
Credit:
-------
Herman van Rink
Already known to me, will submit updates this evening (next few hours).
Package: phpMyAdmin-2.11.9.6-1.el4 Tag: dist-4E-epel-testing-candidate Status: complete Built by: robert
Package: phpMyAdmin-2.11.9.6-1.el5 Tag: dist-5E-epel-testing-candidate Status: complete Built by: robert
Package: phpMyAdmin-3.2.2.1-1.fc10 Tag: dist-f10-updates-candidate Status: complete Built by: robert
Package: phpMyAdmin-3.2.2.1-1.fc11 Tag: dist-f11-updates-candidate Status: complete Built by: robert
Package: phpMyAdmin-3.2.2.1-1.fc12 Tag: dist-f12-updates-candidate Status: complete Built by: robert
Package: phpMyAdmin-3.2.2.1-1.fc13 Tag: dist-f13 Status: complete Built by: robert
phpMyAdmin-2.11.9.6-1.el4 has been submitted as an update for Fedora EPEL 4. http://admin.fedoraproject.org/updates/phpMyAdmin-2.11.9.6-1.el4
phpMyAdmin-2.11.9.6-1.el5 has been submitted as an update for Fedora EPEL 5. http://admin.fedoraproject.org/updates/phpMyAdmin-2.11.9.6-1.el5
phpMyAdmin-3.2.2.1-1.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/phpMyAdmin-3.2.2.1-1.fc10
phpMyAdmin-3.2.2.1-1.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/phpMyAdmin-3.2.2.1-1.fc11
Fedora 12 is waiting for tagging, https://fedorahosted.org/rel-eng/ticket/2470
Quoting upstream PMASA-2009-6 advisory for CVE description:
CVE-2009-3696 Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via a crafted MySQL table name.
CVE-2000-3697 SQL injection vulnerability allows remote attackers to inject SQL via various interface parameters of the PDF schema generator feature.
phpMyAdmin-3.2.2.1-1.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
phpMyAdmin-3.2.2.1-1.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
phpMyAdmin-2.11.9.6-1.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.
phpMyAdmin-2.11.9.6-1.el4 has been pushed to the Fedora EPEL 4 stable repository. If problems still persist, please make note of it in this bug report.
Can't we close this bug report?
Yes, feel free to close any phpMyAdmin-related Security Response bugs when all affected Fedora and EPEL versions are fixed. It's currently not part of any Red Hat product. Thank you!