
[SECURITY] [DLA 834-1] phpmyadmin security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : phpmyadmin
Version        : 4:3.4.11.1-2+deb7u8
CVE ID         : CVE-2016-6621

A server-side request forgery vulnerability was reported for the setup
script in phpMyAdmin, a MySQL web administration tool. This flaw may
allow an unauthenticated attacker to brute-force MySQL passwords, or
detect internal hostnames or open ports on the internal network.
Additionally, there was a race condition between the configuration being
written and the administrator moving it, which allowed unauthenticated
users to read or alter it. Debian users who configured phpmyadmin via
debconf and used the default configuration for Apache 2 or Lighttpd were
never affected.

For Debian 7 "Wheezy", these problems have been fixed in version
4:3.4.11.1-2+deb7u8.

We recommend that you upgrade your phpmyadmin packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS