
Updated phpMyAdmin packages have been released for Debian GNU/Linux

-------------------------------------------------------------------------
Debian Security Advisory DSA-2286-1 Thijs Kinkhorst
July 26, 2011
-------------------------------------------------------------------------

Package : phpmyadmin
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-2505 CVE-2011-2506 CVE-2011-2507
CVE-2011-2508 CVE-2011-2642

Several vulnerabilities were discovered in phpMyAdmin, a tool to
administrate MySQL over the web. The Common Vulnerabilities and
Exposures project identifies the following problems:


Possible session manipulation in Swekey authentication.


Possible code injection in setup script, in case session
variables are compromised.


Regular expression quoting issue in Synchronize code.


Possible directory traversal in MIME-type transformation.


Cross-site scripting in table Print view when the attacker can
create crafted table names.

No CVE name yet

Possible superglobal and local variables manipulation in
Swekey authentication. (PMASA-2011-12)

The oldstable distribution (lenny) is only affected by CVE-2011-2642,
which has been fixed in version

For the stable distribution (squeeze), these problems have been fixed
in version 3.3.7-6.

For the testing distribution (wheezy) and unstable distribution (sid),
these problems have been fixed in version

We recommend that you upgrade your phpmyadmin packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: