From: Matthew Seaman
Date: Wed, 24 Apr 2013 20:23:16 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r316477 - in head: databases/phpmyadmin security/vuxml

Author: matthew
Date: Wed Apr 24 20:23:16 2013
New Revision: 316477
URL: http://svnweb.freebsd.org/changeset/ports/316477

Log:
  Security update to 3.5.8.1

  Four new serious security alerts were issued today by the phpMyAdmin
  team: PMASA-2013-2 and PMASA-2013-3 are documented in this commit to
  vuln.xml.

   - Remote code execution via preg_replace().

   - Locally Saved SQL Dump File Multiple File Extension Remote Code
     Execution.

  The other two: PMASA-2013-4 and PMASA-2013-5 only affect PMA 4.0.0
  pre-releases earlier than 4.0.0-rc3, which are not available through
  the ports.

Modified:
  head/databases/phpmyadmin/Makefile
  head/databases/phpmyadmin/distinfo
  head/security/vuxml/vuln.xml

Modified: head/databases/phpmyadmin/Makefile ============================================================================== --- head/databases/phpmyadmin/Makefile Wed Apr 24 19:42:33 2013 (r316476) +++ head/databases/phpmyadmin/Makefile Wed Apr 24 20:23:16 2013 (r316477) 
@@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= phpMyAdmin -DISTVERSION= 3.5.8 +DISTVERSION= 3.5.8.1 CATEGORIES= databases www MASTER_SITES= SF/${PORTNAME:L}/${PORTNAME}/${DISTVERSION} DISTNAME= ${PORTNAME}-${DISTVERSION}-all-languages Modified: head/databases/phpmyadmin/distinfo ============================================================================== --- head/databases/phpmyadmin/distinfo Wed Apr 24 19:42:33 2013 (r316476) +++ head/databases/phpmyadmin/distinfo Wed Apr 24 20:23:16 2013 (r316477) @@ -1,2 +1,2 @@ -SHA256 (phpMyAdmin-3.5.8-all-languages.tar.xz) = 0766acb45d862ca802b5d3018f240bdd0a14749e21f40ebabe51bf25d6088409 -SIZE (phpMyAdmin-3.5.8-all-languages.tar.xz) = 3744780 +SHA256 (phpMyAdmin-3.5.8.1-all-languages.tar.xz) = c66737ff55369b1c9e4b116e68f3c517faf7c4bc17e289d008d74fde6c8260f6 +SIZE (phpMyAdmin-3.5.8.1-all-languages.tar.xz) = 3744808 Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Wed Apr 24 19:42:33 2013 (r316476) +++ head/security/vuxml/vuln.xml Wed Apr 24 20:23:16 2013 (r316477) @@ -51,6 +51,59 @@ Note: Please add new entries to the beg --> + + phpMyAdmin -- Multiple security vulnerabilities + + + phpMyAdmin + 3.53.5.8.1 + + + + +

The phpMyAdmin development team reports:

+
+

In some PHP versions, the preg_replace() function can be + tricked into executing arbitrary PHP code on the + server. This is done by passing a crafted argument as the + regular expression, containing a null byte. phpMyAdmin does + not correctly sanitize an argument passed to preg_replace() + when using the "Replace table prefix" feature, opening the + way to this vulnerability..

+

This vulnerability can be triggered only by someone who + logged in to phpMyAdmin, as the usual token protection + prevents non-logged-in users to access the required + form.

+
+
+

phpMyAdmin can be configured to save an export file on + the web server, via its SaveDir directive. With this in + place, it's possible, either via a crafted filename template + or a crafted table name, to save a double extension file + like foobar.php.sql. In turn, an Apache webserver on which + there is no definition for the MIME type "sql" (the default) + will treat this saved file as a ".php" script, leading to + remote code execution.

+

This vulnerability can be triggered only by someone who + logged in to phpMyAdmin, as the usual token protection + prevents non-logged-in users to access the required + form. Moreover, the SaveDir directive is empty by default, + so a default configuration is not vulnerable. The + $cfg['SaveDir'] directive must be configured, and the server + must be running Apache with mod_mime to be exploitable.

+
+ +
+ + CVE-2013-3238 + CVE-2013-3239 + + + 2013-04-24 + 2013-04-24 + +
+ tinc -- Buffer overflow
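
Review bot: nothing in the log or in the distinfo hunk records what the new SHA256 for phpMyAdmin-3.5.8.1-all-languages.tar.xz was checked against. The tarball is fetched through MASTER_SITES= SF/..., and the SIZE moves only from 3744780 to 3744808, so for a security update it is worth stating in the log that the c66737ff... value was compared with an upstream-published checksum or signature, if one is available, rather than generated from a single mirror download.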
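
Review bot: the references of the new vuln.xml entry, as they appear in this hunk, list only CVE-2013-3238 and CVE-2013-3239, while the log identifies the two issues as PMASA-2013-2 and PMASA-2013-3; adding the upstream advisory identifiers to the references would let someone reading the entry trace the quoted text to its source without the commit log. Two smaller points in the same entry: the first quoted paragraph ends in a doubled period ("opening the way to this vulnerability.."), and the affected range starts at 3.5 although nothing in the quoted text says where the affected versions begin, so a short remark on the lower bound would help whoever audits the range later.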