[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1311-1] adminer security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : adminer
Version        : 3.3.3-1+deb7u1
CVE ID         : CVE-2018-7667
Debian Bug     : #893668

It was discovered that there was a server-side request forgery exploit in
adminer, a web-based database administration tool.

Adminer allowed unauthenticated connections to be initiated to arbitrary
systems and ports which could bypass external firewalls to identify
internal hosts or perform port scanning of other servers.

For Debian 7 "Wheezy", this issue has been fixed in adminer version
3.3.3-1+deb7u1.

We recommend that you upgrade your adminer packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlqzx4IACgkQHpU+J9Qx
Hlgqhg/+KfM5/8OKDv99f0F7zH9PCExw86Q+939oeoyvNTsewmtOsFpv45XuZElg
uCth0XBX/mU+uUvC7/1a1ixpthaHfTWnlJ5Wmjg7ytmdtOY0RyzxYV+UPvxFNdTp
ECKeoGqHIbVvyiEnVGEi+L+tuPP9L4ZrKr1sMMC4W4gwSG2bJTif72w7GNXKoXYz
qiqz1Sf8FU4zdllppcuk/ifokiBE3KZ+mxvkzg4L7nzRYNEOTWG9y36+9WIBNB3u
MJ5qZUaEUC9whgcYtLsskCc16vBdsSekA5v71HUYxFKrwHA0b/DpDtawmbUOE5s0
xpTgTjNbFo/sv1yDXIj2I7JNTJFISgGe7P5asRyvJY6vWzQuCj7xCAcCIcCjVYOf
T2coa14qEdAYPYK7YwufVzWog4f+DDMs8YxDAtSiWoDA5eqk1/zaXP3qQB5NZpOt
zjxJ1PUBEgH7S3kF7xL3cnS3xHv0RjCYor4OZrQ/Sq2t1eBI8c5LgqcLZnov2zuh
kd19TOUpaSAEIO8Sdb7njM9KI0/m56wIKycJ9IvAUDBQIgmYH1Ly25GUQ00dHvdQ
9TMOeYPgtHS1iifI2FRuKnKrolcxJGdKZXPWrogqL7Mp3SnpXGpBHgGQGQvkh4TP
c6EUDNrzwGIGYUPK4Gs/jz1lYG5V3PUZKFs7A3Ecafo8eTPrbB4=
=X8Gg
-----END PGP SIGNATURE-----


Reply to: