In association with heise online

25 July 2011, 15:45

phpMyAdmin updates close critical security holes


Versions 3.4.3.2 and 3.3.10.3 of phpMyAdmin close a total of four security holes in the open source database administration tool. According to the phpMyAdmin developers, the security releases address two "critical" vulnerabilities that could allow session manipulation in Swekey authentication or remote code execution. A "serious" bug that could allow an attacker to perform a local file inclusion and a "minor" cross-site scripting (XSS) hole have also been fixed.

Versions 3.4.3.1 and earlier are affected. The 2.11.x branch, which reached its end of life earlier this month, is not affected by the session manipulation hole, but may be affected by the others. All users are advised to update to the latest versions. Alternatively, users can apply the provided patches.

More details about the holes closed in the updates can be found in the project's security advisories. Versions 3.4.3.2 and 3.3.10.3 of phpMyAdmin are available to download from the project's site. Hosted on SourceForge, phpMyAdmin is made available under version 2 of the GNU General Public License (GPLv2).

(crve)

Permalink: http://h-online.com/-1285281
 

