DSA 759-1: New phppgadmin packages
Posted on: 07/18/2005 08:34 AM

New phppgadmin packages are available for Debian GNU/Linux

Debian Security Advisory DSA 759-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
July 18th, 2005 http://www.debian.org/security/faq

Package : phppgadmin
Vulnerability : missing input sanitising
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-2256
BugTraq ID : 14142

A vulnerability has been discovered in phppgadmin, a set of PHP scripts to administrate PostgreSQL over the WWW, that can lead to disclose sensitive information. Successful exploitation requires that "magic_quotes_gpc" is disabled.

the old stable distribution (woody) is not affected by this problem.

For the stable distribution (sarge) this problem has been fixed in version 3.5.2-5.

For the unstable distribution (sid) this problem has been fixed in version 3.5.4.

We recommend that you upgrade your phppgadmin package.

Upgrade Instructions

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:

Size/MD5 checksum: 584 46f4509ee768781e441286d125afe0f5
Size/MD5 checksum: 10063 8f1d0323ae84979c21a409334c6e70db
Size/MD5 checksum: 612995 9978c0a723a9e4572f2264478c0ba193

Architecture independent components:

Size/MD5 checksum: 601022 b9e4117adf7ef565e6884fbde4daaf9f

These files will probably be moved into the stable distribution on its next update.

Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/dsa_759_1_new_phppgadmin_packages.html)