-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2008-29
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------
Original released date: 18 Jul 2008
Last revised: 18 Jul 2008
Package: phpmyadmin
Summary: Cross-site scripting (XSS) vulnerability
More information:
phpMyAdmin is a tool written in PHP intended to handle the
administration of MySQL over the Web.
Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7,
when register_globals is enabled and .htaccess support is disabled,
allows remote attackers to inject arbitrary web script or HTML via
unspecified vectors involving scripts in libraries/. (CVE-2008-2960)
Affected Products:
- Turbolinux Appliance Server 3.0 x64 Edition
- Turbolinux Appliance Server 3.0
<Turbolinux Appliance Server 3.0 x64 Edition>
Source Packages
Size: MD5
phpmyadmin-2.11.7-1.src.rpm
3106306 67eb1e8ba275e08ad62d1ac6ff15401c
Binary Packages
Size: MD5
phpmyadmin-2.11.7-1.noarch.rpm
4439307 65d2e8b1159f610b75281efad67ead19
<Turbolinux Appliance Server 3.0>
Source Packages
Size: MD5
phpmyadmin-2.11.7-1.src.rpm
3106306 67eb1e8ba275e08ad62d1ac6ff15401c
Binary Packages
Size: MD5
phpmyadmin-2.11.7-1.noarch.rpm
4440156 3d75beb7b61062e851e718ee85c1f2e9
References:
CVE
[CVE-2008-2960]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2960
--------------------------------------------------------------------------
Revision History
18 Jul 2008 Initial release
--------------------------------------------------------------------------
Copyright(C) 2008 Turbolinux, Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkiAaegACgkQK0LzjOqIJMz73gCfapF8XVcPRvNjaBolRgo8GPjF
rqsAn1ab8NAVkJCTXNpnXZ2GioES6Re6
=WvsK
-----END PGP SIGNATURE-----
