Fedora Local Security Checks : Fedora Core 8 FEDORA-2008-11221 (phpMyAdmin)

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.62947

Category: Fedora Local Security Checks

Title: Fedora Core 8 FEDORA-2008-11221 (phpMyAdmin)

Summary: NOSUMMARY

Description: Description:

The remote host is missing an update to phpMyAdmin
announced via advisory FEDORA-2008-11221.

Update Information:

Improvements for 3.1.1.0:
- [core] Navi panel server links wrong
- [core] bad session.save_path not detected
- [core] Re-login causes PMA to forget current table name
- [export] do not include view name in export
- [display] enable copying of auto increment by default
- [core] do not bail out creating session on any PHP warning
- [display] properly update tooltips in navigation frame
- [core] do not use ctype if it is not available
- [display] HeaderFlipType fake problems
- [display] Incorrect size for view
- [display] Drop-down menu blinking in FF
- [lang] Catalan update
- [lang] Finnish update
- [core] Avoid error with BLOBstreaming support requiring SUPER privilege
- [security] possible XSRF on several pages

ChangeLog:

* Thu Dec 11 2008 Robert Scheck 3.1.1-1
- Upstream released 3.1.1 (#475954)
* Sat Nov 29 2008 Robert Scheck 3.1.0-1
- Upstream released 3.1.0
- Replaced LocationMatch with Directory directive (#469451)
* Thu Oct 30 2008 Robert Scheck 3.0.1.1-1
- Upstream released 3.0.1.1 (#468974)

References:

[ 1 ] Bug #475954 - phpMyAdmin: SQL injection through XSRF on several pages
https://bugzilla.redhat.com/show_bug.cgi?id=475954

Solution: Apply the appropriate updates.

This update can be installed with the yum update program. Use
su -c 'yum update phpMyAdmin' at the command line.
For more information, refer to Managing Software with yum,
available at http://docs.fedoraproject.org/yum/.

https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2008-11221

Risk factor : Medium

CVSS Score:
5.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-0095
http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051544.html
http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0034.html
http://www.mandriva.com/security/advisories?name=MDKSA-2007:199
http://osvdb.org/33257
http://securityreason.com/securityalert/2104
XForce ISS Database: phpmyadmin-darkblueorange-path-disclosure(31223)
https://exchange.xforce.ibmcloud.com/vulnerabilities/31223

Copyright Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.62947
Category:	Fedora Local Security Checks
Title:	Fedora Core 8 FEDORA-2008-11221 (phpMyAdmin)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to phpMyAdmin announced via advisory FEDORA-2008-11221. Update Information: Improvements for 3.1.1.0: - [core] Navi panel server links wrong - [core] bad session.save_path not detected - [core] Re-login causes PMA to forget current table name - [export] do not include view name in export - [display] enable copying of auto increment by default - [core] do not bail out creating session on any PHP warning - [display] properly update tooltips in navigation frame - [core] do not use ctype if it is not available - [display] HeaderFlipType fake problems - [display] Incorrect size for view - [display] Drop-down menu blinking in FF - [lang] Catalan update - [lang] Finnish update - [core] Avoid error with BLOBstreaming support requiring SUPER privilege - [security] possible XSRF on several pages ChangeLog: * Thu Dec 11 2008 Robert Scheck 3.1.1-1 - Upstream released 3.1.1 (#475954) * Sat Nov 29 2008 Robert Scheck 3.1.0-1 - Upstream released 3.1.0 - Replaced LocationMatch with Directory directive (#469451) * Thu Oct 30 2008 Robert Scheck 3.0.1.1-1 - Upstream released 3.0.1.1 (#468974) References: [ 1 ] Bug #475954 - phpMyAdmin: SQL injection through XSRF on several pages https://bugzilla.redhat.com/show_bug.cgi?id=475954 Solution: Apply the appropriate updates. This update can be installed with the yum update program. Use su -c 'yum update phpMyAdmin' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/. https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2008-11221 Risk factor : Medium CVSS Score: 5.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-0095 http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051544.html http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0034.html http://www.mandriva.com/security/advisories?name=MDKSA-2007:199 http://osvdb.org/33257 http://securityreason.com/securityalert/2104 XForce ISS Database: phpmyadmin-darkblueorange-path-disclosure(31223) https://exchange.xforce.ibmcloud.com/vulnerabilities/31223
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com