The branch, QA_3_4 has been updated
via 0212c7c01562418410c559ca081ef6239e6b13cb (commit)
via ec040a1b6e9d19bf3439e3f8931a4d63720ce867 (commit)
from 849b6818f81cae1d5ae0a6857b6e5839a8b3ea10 (commit)
- Log -----------------------------------------------------------------
commit 0212c7c01562418410c559ca081ef6239e6b13cb
Merge: 849b681 ec040a1
Author: Michal Čihař <mcihar@suse.cz>
Date: Thu Nov 10 15:44:43 2011 +0100
Merge remote-tracking branch 'origin/MAINT_3_4_7' into QA_3_4
-----------------------------------------------------------------------
Summary of changes:
hooks/post-receive
--
phpMyAdmin
The branch, master has been updated
via 1a56dd2e02918cef7485f37af0d0a190664f3374 (commit)
from fd6c4ccdbbf9d272dd8e5093f1c9c8981987cf70 (commit)
- Log -----------------------------------------------------------------
commit 1a56dd2e02918cef7485f37af0d0a190664f3374
Author: Marc Delisle <marc@infomarc.info>
Date: Thu Nov 10 09:36:06 2011 -0500
PMASA-2011-17
-----------------------------------------------------------------------
Summary of changes:
templates/security/PMASA-2011-17 | 60 ++++++++++++++++++++++++++++++++++++++
1 files changed, 60 insertions(+), 0 deletions(-)
create mode 100644 templates/security/PMASA-2011-17
diff --git a/templates/security/PMASA-2011-17 b/templates/security/PMASA-2011-17
new file mode 100644
index 0000000..9fc013c
--- /dev/null
+++ b/templates/security/PMASA-2011-17
@@ -0,0 +1,60 @@
+<html xmlns:py="http://genshi.edgewall.org/" xmlns:xi="http://www.w3.org/2001/XInclude" py:strip="">
+
+<py:def function="announcement_id">
+PMASA-2011-17
+</py:def>
+
+<py:def function="announcement_date">
+2011-11-10
+</py:def>
+
+<py:def function="announcement_summary">
+Local file inclusion.
+</py:def>
+
+<py:def function="announcement_description">
+Importing a specially-crafted XML file which contains an XML entity injection
+permits to retrieve a local file (limited by the privileges of the user
+running the web server).
+</py:def>
+
+<py:def function="announcement_mitigation">
+The attacker must be logged in to MySQL via phpMyAdmin.
+</py:def>
+
+<py:def function="announcement_severity">
+We consider this vulnerability to be serious.
+</py:def>
+
+<py:def function="announcement_affected">
+Versions 3.3.x and 3.4.x are affected.
+</py:def>
+
+<py:def function="announcement_solution">
+Upgrade to phpMyAdmin 3.4.7.1 or newer (or 3.3.10.5) or apply the related patches listed below.
+</py:def>
+
+<py:def function="announcement_references">
+Thanks to Jan Lieskovsky from the Red Hat Security Response Team who warned
+the phpMyAdmin project that public disclosure of this problem has occurred.
+</py:def>
+
+<py:def function="announcement_cve">CVE-2011-4107</py:def>
+
+<py:def function="announcement_cwe">661</py:def>
+
+<py:def function="announcement_commits_3_4">
+05f96b921a7e7dacd02be5ca61b2e7bdd014ee55
+34d99de000de9d15cfdf5e9cc8b7682d51110bbd
+a5e206fbd2ca814042cfc1bb7dd3b40c28ce3fb5
+</py:def>
+
+<py:def function="announcement_commits_3_3">
+75606e5f82280eb1a3817badf1b24d512a010b80
+1a89c8ecfd09ceace81fb11e488f12599c0e49b6
+2fbf631384fd8cded55f4500cb87b129442f9ed2
+5fa86b8e81565c15ddbc359e8f59ecd829a2b717
+</py:def>
+
+<xi:include href="_page.tpl" />
+</html>
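Review bot: the announcement_cwe value 661 does not match the weakness the description gives; CWE-661 is the "Weaknesses in Software Written in PHP" category, while the class for an XML external entity resolving to a local file is CWE-611 (Improper Restriction of XML External Entity Reference), so please check whether the digits were transposed. In the same template, announcement_summary says "Local file inclusion." but announcement_description describes an entity injection that returns file contents to the importing user, which is XXE file disclosure rather than inclusion (nothing is included or executed); a summary such as "XML external entity (XXE) injection in the XML import allows reading local files" would state the impact precisely and would also read better next to the mitigation line, which correctly notes that the attacker needs a phpMyAdmin login.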
hooks/post-receive
--
phpMyAdmin website
The annotated tag, RELEASE_3_4_7_1 has been created
at 1592b2224b7eb2e983c3953ae1b8f948ff16dae6 (tag)
tagging ec040a1b6e9d19bf3439e3f8931a4d63720ce867 (commit)
replaces RELEASE_3_4_7
tagged by Marc Delisle
on Thu Nov 10 09:15:21 2011 -0500
- Log -----------------------------------------------------------------
Released 3.4.7.1
Marc Delisle (3):
New PHP requirements for XML and ODS importing
ChangeLog for 3.4.7.1
3.4.7.1 release
Michal Čihař (5):
Disable loading of external XML entities when loading XML
Disable XML loading plugins on old PHP
Add missing release date
Merge branch 'MAINT_3_4_7' into MAINT_3_4_7-security
Changelog entry
-----------------------------------------------------------------------
hooks/post-receive
--
phpMyAdmin
The branch, master has been updated
via 839c0d493aedbfb031752b706acd550790f72019 (commit)
via e51a1cb73df8f3706fe0bb50ccdcae7fa2f893eb (commit)
via f674e3dbe952d9c4a7864067d7c286e9b01f527a (commit)
via 1b8f5a5c098905997a3072170d773a073331f7f6 (commit)
via edea25b07b51c2c5e277323f8047fcd82e695f7e (commit)
via 05f96b921a7e7dacd02be5ca61b2e7bdd014ee55 (commit)
via 4dd5c0d0dc413d2cb2cfcb31f8d4aec0c753033c (commit)
via 063e6f92929c3aed3641cf79add4128c7e972d2f (commit)
via 34d99de000de9d15cfdf5e9cc8b7682d51110bbd (commit)
via a5e206fbd2ca814042cfc1bb7dd3b40c28ce3fb5 (commit)
from f49fe427f534350e029f0b08627e6ce565368de8 (commit)
- Log -----------------------------------------------------------------
commit 839c0d493aedbfb031752b706acd550790f72019
Merge: f49fe42 e51a1cb
Author: Marc Delisle <marc@infomarc.info>
Date: Thu Nov 10 09:00:13 2011 -0500
Merge branch 'QA_3_4'
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 4 ++++
Documentation.html | 3 +++
libraries/import/ods.php | 12 ++++++++++++
libraries/import/xml.php | 12 ++++++++++++
4 files changed, 31 insertions(+), 0 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index d8b0494..6e2fd10 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -70,6 +70,10 @@ phpMyAdmin - ChangeLog
- patch #3430291 [import] Handle conflicts in some open_basedir situations
- bug #3431427 [display] Dropdown results - setting NULL does not work
+3.4.7.1 (not yet released)
+- [security] Fixed possible local file inclusion in XML import
+(CVE-2011-4107).
+
3.4.7.0 (2011-10-23)
- bug #3418610 [interface] Links in navigation when $cfg['MainPageIconic'] = false
- bug #3418849 [interface] Inline edit shows dropdowns even after closing
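Review bot: the new 3.4.7.1 heading still carries the "(not yet released)" placeholder, so it will ship in the tarball unless it is replaced with the date before tagging; the tag log earlier in this digest shows "Add missing release date" landing afterwards, which is exactly the follow-up this hunk should not have needed. The entry text "Fixed possible local file inclusion in XML import" also understates what the patch does: the code change disables external XML entity loading in both the XML and ODS import plugins, so a wording like "[security] Disable external XML entity loading in XML and ODS import (XXE, CVE-2011-4107)" would match the fix and cover the ODS path, which this entry does not mention at all.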
diff --git a/Documentation.html b/Documentation.html
index c31706a..458108c 100644
--- a/Documentation.html
+++ b/Documentation.html
@@ -82,6 +82,9 @@ vim: expandtab ts=4 sw=4 sts=4 tw=78
<li>To support BLOB streaming, see PHP and MySQL requirements
in <a href="#faq6_25">
<abbr title="Frequently Asked Questions">FAQ</abbr> 6.25</a>.</li>
+ <li>To support XML and Open Document Spreadsheet importing,
+ you need PHP 5.2.17 or newer and the
+ <a href="http://www.php.net/libxml"><tt>libxml</tt></a> extension.</li>
</ul>
</li>
<li><b>MySQL</b> 5.0 or newer (<a href="#faq1_17">details</a>);</li>
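Review bot: the stated floor of "PHP 5.2.17 or newer" does not agree with what the code below actually checks. The import plugins gate on function_exists('libxml_disable_entity_loader'), and that function has been available since PHP 5.2.11, so a 5.2.11 through 5.2.16 installation will happily run the importer while this documentation says it is unsupported. Either say why 5.2.17 is the minimum (if a specific libxml or PHP bug motivates it, name it here) or bring the two into line by checking the version in the guard instead of the function's existence.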
diff --git a/libraries/import/ods.php b/libraries/import/ods.php
index fc1c177..8af40f4 100644
--- a/libraries/import/ods.php
+++ b/libraries/import/ods.php
@@ -14,6 +14,13 @@ if (! defined('PHPMYADMIN')) {
}
/**
+ * We need way to disable external XML entities processing.
+ */
+if (!function_exists('libxml_disable_entity_loader')) {
+ return;
+}
+
+/**
* The possible scopes for $plugin_param are: 'table', 'database', and 'server'
*/
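Review bot: the early `return;` makes the ODS plugin vanish silently on a PHP build without libxml_disable_entity_loader, so an administrator will only see that the format is missing from the import list with no hint why. Failing closed is the right default here (no safe way to parse means no import), but please emit a message or at least a log line explaining that the ODS importer requires libxml_disable_entity_loader, so the missing plugin is diagnosable rather than mysterious. The new comment also reads "We need way to disable", missing the article "a".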
@@ -61,6 +68,11 @@ while (! ($finished && $i >= $len) && ! $error && ! $timeout_passed) {
unset($data);
/**
+ * Disable loading of external XML entities.
+ */
+libxml_disable_entity_loader();
+
+/**
* Load the XML string
*
* The option LIBXML_COMPACT is specified because it can
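Review bot: libxml_disable_entity_loader() is a process-wide switch, not an option on the parse call, and this hunk flips it without recording or restoring the previous state, so every later XML operation in the same request (other plugins, PHPExcel-style libraries, SOAP, DOM) silently inherits the disabled loader. Keep the return value and put it back once the document has been loaded, along the lines of:
`$old_loader = libxml_disable_entity_loader(true);` before the parse and `libxml_disable_entity_loader($old_loader);` after it, and pass `true` explicitly rather than relying on the default argument so the intent is visible.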
diff --git a/libraries/import/xml.php b/libraries/import/xml.php
index a3768cd..727c63b 100644
--- a/libraries/import/xml.php
+++ b/libraries/import/xml.php
@@ -13,6 +13,13 @@ if (! defined('PHPMYADMIN')) {
}
/**
+ * We need way to disable external XML entities processing.
+ */
+if (!function_exists('libxml_disable_entity_loader')) {
+ return;
+}
+
+/**
* The possible scopes for $plugin_param are: 'table', 'database', and 'server'
*/
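Review bot: this guard is a verbatim copy of the one just added to libraries/import/ods.php, and any third XML-backed import plugin added later has to remember to copy it a third time. Moving the function_exists check into a shared helper that both plugins include (and that future XML importers call before parsing) keeps the security property in one place, and the comment wording ("We need way to disable") can be fixed once there as well.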
@@ -54,6 +61,11 @@ while (! ($finished && $i >= $len) && ! $error && ! $timeout_passed) {
unset($data);
/**
+ * Disable loading of external XML entities.
+ */
+libxml_disable_entity_loader();
+
+/**
* Load the XML string
*
* The option LIBXML_COMPACT is specified because it can
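Review bot: same missing save-and-restore as in the ods.php hunk; the entity loader stays disabled for the rest of the request after this line, which should be handled by keeping the return value and restoring it after the load. In addition, since the comment below documents the flags passed to the loader (LIBXML_COMPACT), it would be worth adding LIBXML_NONET to that set as defence in depth: with network access disabled at the parser level, a crafted DOCTYPE cannot reach out over HTTP or FTP even on a path where the global loader switch was not applied, and the comment should then state that LIBXML_NOENT must never be added there, since it would re-enable entity substitution.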
hooks/post-receive
--
phpMyAdmin