Hi Marcelo,<div><br></div><div>Just one more update.</div><div><br></div><div>I ran the test you sent and it shows the error on both version 2.11.11.1 and version 3.3.9. I did not test with 3.4.0-beta2.</div><div><br></div>
<div><br></div><div>Regards,</div><div><br clear="all"><div title="signature"><div dir="ltr"><div style="padding:5px 0pt;font-family:arial,sans-serif;font-size:13.3px"><span style="color:#000000;border-collapse:collapse"><div style="display:inline !important">
<span style="font-size:medium"><em><strong><span style="color:#3366ff">Marcelo Subtil Marçal</span></strong></em></span></div>
</span><br><span style="color:#000000;border-collapse:collapse">
<div><span style="font-size:xx-small"><span style="font-style:italic"><a style="color:#074d8f;font-family:verdana, sans-serif" href="mailto:marcelo@smarcal.com" target="_blank"><span style="font-size:x-small">marcelo@smarcal.com<br>
</span></a></span></span><span style="border-collapse:separate">

</span></div>
</span></div>
</div></div><br>
<br><br><div class="gmail_quote">On Mon, Jan 17, 2011 at 7:21 AM, Marcelo Subtil Marcal <span dir="ltr">&lt;<a href="mailto:marcelo@smarcal.com">marcelo@smarcal.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Hi Marcelo,<div><br></div><div><div>I found the phpMyAdmin-3.3.9 package only in the REMI repository, but with dependencies on php-5.2.0.</div><div><br></div><div>In case you are interested in setting up that repository:</div><div><br>

</div><div># rpm -Uvh <a href="http://rpms.famillecollet.com/el5.i386/remi-release-5-8.el5.remi.noarch.rpm" target="_blank">http://rpms.famillecollet.com/el5.i386/remi-release-5-8.el5.remi.noarch.rpm</a></div><div><br></div>
<div>Regards,</div>
<div><br clear="all"><div title="signature"><div dir="ltr"><div style="padding:5px 0pt;font-family:arial,sans-serif;font-size:13.3px"><span style="color:#000000;border-collapse:collapse"><div style="display:inline !important">

<span style="font-size:medium"><em><strong><span style="color:#3366ff">Marcelo Subtil Marçal</span></strong></em></span></div>
</span><br><span style="color:#000000;border-collapse:collapse">
<div><span style="font-size:xx-small"><span style="font-style:italic"><a style="color:#074d8f;font-family:verdana, sans-serif" href="mailto:marcelo@smarcal.com" target="_blank"><span style="font-size:x-small">marcelo@smarcal.com<br>

</span></a></span></span><span style="border-collapse:separate">


</span></div>
</span></div>
</div></div><div><div></div><div class="h5"><br>
<br><br><div class="gmail_quote">On Sun, Jan 16, 2011 at 4:58 PM, Marcelo Gondim <span dir="ltr">&lt;<a href="mailto:gondim@linuxinfo.com.br" target="_blank">gondim@linuxinfo.com.br</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

Hello everyone,<br>
<br>
The PHPMyAdmin versions I have seen in both rpmforge and EPEL are<br>
vulnerable to these problems:<br>
<br>
CVE-2010-4329<br>
<br>
   Cross site scripting was possible in search, that allowed<br>
   a remote attacker to inject arbitrary web script or HTML.<br>
<br>
CVE-2010-4480<br>
<br>
   Cross site scripting was possible in errors, that allowed<br>
   a remote attacker to inject arbitrary web script or HTML.<br>
<br>
CVE-2010-4481<br>
<br>
   Display of PHP&#39;s phpinfo() function was available to world, but only<br>
   if this functionality had been enabled (defaults to off). This may<br>
   leak some information about the host system.<br>
<br>
An example of how to test:<br>
<br>
<a href="http://127.0.0.1/phpmyadmin/error.php?type=This+is+a+client+side+hole+evidence&amp;error=Client+side+attack+via+characters+injection[br]It%27s+possible+use+some+special+tags+too[br]Found+by+Tiger+Security+Tiger+Team+-+[a%40http://www.tigersecurity.it%40_self]This%20Is%20a%20Link[%2Fa]" target="_blank">http://127.0.0.1/phpmyadmin/error.php?type=This+is+a+client+side+hole+evidence&amp;error=Client+side+attack+via+characters+injection[br]It%27s+possible+use+some+special+tags+too[br]Found+by+Tiger+Security+Tiger+Team+-+[a%40http://www.tigersecurity.it%40_self]This%20Is%20a%20Link[%2Fa]</a><br>


<br>
<br>
Does anyone know of another repo that has a more recent version of<br>
phpmyadmin, or at least one that is already fixed? I am avoiding installing from<br>
source, but if there is no other option I will just use the one from the official site.<br>
<br>
Regards to all<br>
_______________________________________________<br>
CentOS-pt-br mailing list<br>
<a href="mailto:CentOS-pt-br@centos.org" target="_blank">CentOS-pt-br@centos.org</a><br>
<a href="http://lists.centos.org/mailman/listinfo/centos-pt-br" target="_blank">http://lists.centos.org/mailman/listinfo/centos-pt-br</a><br>
</blockquote></div><br></div></div></div></div>
</blockquote></div><br></div>
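An added example, not part of the original thread: while a fixed package is unavailable, web server access logs can be checked for requests that use the bracket link tag from the test URL above (`[a@<url>@<target>]`) against `error.php`. The function names, the combined log format and the sample log lines are assumptions constructed for illustration, and only the link tag is covered.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Bracket pseudo-tag carrying a link target, as in the thread's test URL:
# [a@<url>@<target>]
LINK_TAG = re.compile(r"\[a@([^\]@]+)@[^\]]*\]", re.IGNORECASE)
# Request line inside a combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges, example.test domain).
SAMPLE_LOG = [
    '203.0.113.7 - - [17/Jan/2011:07:21:00 -0200] "GET /phpmyadmin/error.php'
    '?type=note&error=text[br][a%40http://example.test%40_self]link[%2Fa]'
    ' HTTP/1.1" 200 512',
    '198.51.100.4 - - [17/Jan/2011:07:22:10 -0200] "GET /phpmyadmin/error.php'
    '?type=Error&error=Cannot+connect[br]check+settings HTTP/1.1" 200 300',
    '198.51.100.9 - - [17/Jan/2011:07:23:45 -0200] "GET /phpmyadmin/index.php'
    ' HTTP/1.1" 200 4096',
]

def external_links(request_target):
    """Return link targets passed to error.php via 'error' or 'type'."""
    parts = urlsplit(request_target)
    if not parts.path.lower().endswith("/error.php"):
        return []
    # parse_qs URL-decodes values, so %40 becomes @ and + becomes a space.
    params = parse_qs(parts.query, keep_blank_values=True)
    found = []
    for name in ("error", "type"):
        for value in params.get(name, []):
            found.extend(LINK_TAG.findall(value))
    return found

def scan(log_lines):
    """Return (client_ip, [link targets]) for each suspicious log line."""
    hits = []
    for line in log_lines:
        match = REQUEST.search(line)
        if not match:
            continue
        targets = external_links(match.group(1))
        if targets:
            hits.append((line.split(" ", 1)[0], targets))
    return hits

if __name__ == "__main__":
    for ip, targets in scan(SAMPLE_LOG):
        print(ip, targets)
```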