Vulnerability Announced in phpMyAdmin

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



    Afternoon, folks;

    Just a three-list cross-post to bring it to everyone's attention
at once, in case you weren't already aware.  It was announced today
that a compromised SourceForge mirror was distributing a malicious
file with the phpMyAdmin package that allows an attacker to
arbitrarily execute code on a server hosting the exploitable package.
Obligatory (not intentionally self-serving) social media link here:

        https://twitter.com/oidk/status/250688002005811200

    I don't especially know how this might affect other projects that
are hosting on the same mirror, but I hope at least some of the more
popular projects will take a moment to verify the integrity of their
packages on the affected mirror ('cdnetworks-kr-1' mirror in Korea,
for those interested).

    Those of you who have phpMyAdmin installed should check
immediately to see if your installation is vulnerable to the exploit,
particularly if it's auto-updated or has been installed or updated
recently.

    We now return you to your regularly-scheduled Tuesday (unless
you're east of the EEST time zone, in which case, Happy Hump Day).

-- 
</Daniel P. Brown>
Network Infrastructure Manager
http://www.php.net/

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[Index of Archives]     [PHP Home]     [PHP Users]     [Postgresql Discussion]     [Kernel Newbies]     [Postgresql]     [Yosemite News]

  Powered by Linux