In association with heise online

05 July 2011, 13:29

phpMyAdmin updates patch critical holes


The phpMyAdmin developers have released versions 3.3.10.2 and 3.4.3.1 of their database administration tool; these are security updates that fix a total of four security holes. Rated as "highly critical" by Secunia, the vulnerabilities include a session manipulation bug in Swekey authentication that could be exploited to overwrite session variables, a possible code injection hole in the setup script and a regular expression quoting problem in Synchronize code.

According to the developers, the above vulnerabilities could lead to the injection and execution of arbitrary code. Versions 3.4.3 and earlier are reportedly affected; the 2.11.x branch is not affected. A directory traversal vulnerability related to the filtering of a file path in the MIME-type transformation code, which affects all previous versions, has also been closed. All users are advised to update to the latest versions. Alternatively, users can apply the provided patches.

Versions 3.3.10.2 and 3.4.3.1 of phpMyAdmin are available to download from the project's site. Hosted on SourceForge, phpMyAdmin is made available under version 2 of the GNU General Public License (GPLv2).


(crve)

Permalink: http://h-online.com/-1273593
 

