Afternoon, folks;

    Just a three-list cross-post to bring it to everyone's attention
at once, in case you weren't already aware.  It was announced today
that a compromised SourceForge mirror was distributing a malicious
file with the phpMyAdmin package that allows an attacker to
arbitrarily execute code on a server hosting the exploitable package.
Obligatory (not intentionally self-serving) social media link here:

        https://twitter.com/oidk/status/250688002005811200

    I don't especially know how this might affect other projects that
are hosting on the same mirror, but I hope at least some of the more
popular projects will take a moment to verify the integrity of their
packages on the affected mirror ('cdnetworks-kr-1' mirror in Korea,
for those interested).

    Those of you who have phpMyAdmin installed should check
immediately to see if your installation is vulnerable to the exploit,
particularly if it's auto-updated or has been installed or updated
recently.

    We now return you to your regularly-scheduled Tuesday (unless
you're east of the EEST time zone, in which case, Happy Hump Day).

-- 
</Daniel P. Brown>
Network Infrastructure Manager
http://www.php.net/

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
