GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Mon Nov 04, 2013 1:26 pm Post subject: [ GLSA 201311-02 ] phpMyAdmin: Multiple vulnerabilities |
|
|
Gentoo Linux Security Advisory
Title: phpMyAdmin: Multiple vulnerabilities (GLSA 201311-02)
Severity: normal
Exploitable: remote
Date: November 04, 2013
Bug(s): #465420, #467080, #478696, #479870
ID: 201311-02
Synopsis
Multiple vulnerabilities have been found in phpMyAdmin, allowing
remote authenticated attackers to execute arbitrary code, inject SQL code
or conduct other attacks.
Background
phpMyAdmin is a web-based management tool for MySQL databases.
Affected Packages
Package: dev-db/phpmyadmin
Vulnerable: < 4.0.5
Unaffected: >= 4.0.5
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in phpMyAdmin. Please
review the CVE identifiers referenced below for details.
Impact
A remote authenticated attacker could exploit these vulnerabilities to
execute arbitrary code with the privileges of the process running
phpMyAdmin, inject SQL code, or to conduct Cross-Site Scripting and
Clickjacking attacks.
Workaround
There is no known workaround at this time.
Resolution
All phpMyAdmin users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-4.0.5"
|
References
CVE-2013-1937
CVE-2013-3238
CVE-2013-3239
CVE-2013-4995
CVE-2013-4996
CVE-2013-4997
CVE-2013-4998
CVE-2013-4999
CVE-2013-5000
CVE-2013-5001
CVE-2013-5002
CVE-2013-5003
CVE-2013-5029
Last edited by GLSA on Sat May 24, 2014 4:32 am; edited 2 times in total |
|