Security news roundup: November 12

Here's a collection of recent security vulnerabilities and alerts, which covers the release of PHP 5.2.5, multiple vulnerabilities discovered in phpMyAdmin, and various security updates released by SUSE.

  • PHP 5.2.5 released

Version 5.2.5 of the PHP scripting language has been released. Besides offering numerous improvements, it closes a number of security holes. More than 60 flaws have been fixed.

As such, the PHP team recommends an urgent upgrade to this new version.

You can read the PHP 5.2.5 Release Announcement here.

  • Multiple vulnerabilities discovered in phpMyAdmin

Users of phpMyAdmin might want to take note of multiple security vulnerabilities identified in versions of phpMyAdmin prior to 2.11.2.1.

Excerpt from FrSIRT:

Multiple vulnerabilities have been identified in phpMyAdmin, which could be exploited by malicious users to conduct cross site scripting and SQL injection attacks. These issues are caused by an input validation error in the "db_create.php" script when processing the "db" parameter, which could be exploited by authenticated attackers to inject and execute arbitrary SQL queries or scripting code.

The solution is to upgrade to phpMyAdmin 2.11.2.1.

  • SUSE releases updates for koffice, poppler and xpdf

SUSE has issued various updates that resolve issues in koffice, poppler and xpdf. We reported separately on a non-SUSE-specific patch for xpdf a few days ago.

All three patches address vulnerabilities that can result in a remote system compromise. As such, users are encouraged to update as soon as possible.

You can obtain more information from security site Secunia for koffice, poppler, and xpdf respectively.

About

Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.