From Mageia wiki
Jump to: navigation, search

MGASA-2013-0133

Date: May 2nd, 2013
Affected releases: 2
Media: Core


Description:
Updated phpmyadmin package fixes security vulnerabilities:

In some PHP versions, the preg_replace() function can be tricked into
executing arbitrary PHP code on the server. This is done by passing a
crafted argument as the regular expression, containing a null byte.
phpMyAdmin does not correctly sanitize an argument passed to preg_replace()
when using the "Replace table prefix" feature, opening the way to this
vulnerability (CVE-2013-3238).

phpMyAdmin can be configured to save an export file on the web server, via
its SaveDir directive. With this in place, it's possible, either via a
crafted filename template or a crafted table name, to save a double
extension file like foobar.php.sql. In turn, an Apache webserver on which
there is no definition for the MIME type "sql" (the default) will treat
this saved file as a ".php" script, leading to remote code execution
(CVE-2013-3239).


Updated Packages:
i586:
phpmyadmin-3.5.8.1-1.mga2.noarch.rpm

x86_64:
phpmyadmin-3.5.8.1-1.mga2.noarch.rpm

SRPMS:
phpmyadmin-3.5.8.1-1.mga2.src.rpm


References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3238
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3239
http://www.phpmyadmin.net/home_page/security/PMASA-2013-2.php
http://www.phpmyadmin.net/home_page/security/PMASA-2013-3.php
https://bugs.mageia.org/show_bug.cgi?id=9863