phpMyAdmin updates close security vulnerability
The phpMyAdmin developers have announced the release of version 3.3.9.1 and 2.11.11.2 of their database administration tool, security updates that fix a path disclosure vulnerability. According to the developers, when the README, ChangeLog or LICENSE files are removed from their original location, the scripts used to display these files can show their full path, possibly leading to further attacks.
All versions previous to 3.3.9.1 and 2.11.11.2 are said to be affected. While the developers consider the vulnerability to be non-critical, they still advise all users to upgrade as soon as possible. Alternatively, users can apply the provided patches.
Version 3.3.9.1 and 2.11.11.2 of phpMyAdmin is available to download from the project's site. Hosted on SourceForge, phpMyAdmin is made available under version 2 of the GNU General Public License (GPLv2).
See also:
- Path disclosure when some files have been removed, a phpMyAdmin security advisory.
(crve)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
