Re: [suse-security-announce] SUSE Security Announcement: phpMyAdmin remote code execution (SUSE-SA:2005:066)
On Friday 18 November 2005 5:35 am, Marcus Meissner wrote:
___________________________________________________________________________ ___
SUSE Security Announcement
Package: phpMyAdmin Announcement ID: SUSE-SA:2005:066 Date: Fri, 18 Nov 2005 11:00:00 +0000
Anyone else having a problem after this YOU update? I have three boxes, all of them started crapping out with the following error message when trying to access phpMyAdmin, Fatal error: main(): Failed opening required './' (include_path='.:/usr/share/php') in /srv/www/htdocs/phpMyAdmin/libraries/grab_globals.lib.php on line 70 That file, grab_gobals.lib.php is one that was changed by the YOU update. Commenting out the 'require' on line 70 makes the error go away, but I'm sure that's not really the right solution. Scott -- POPFile, the OpenSource EMail Classifier http://popfile.sourceforge.net/ Linux 2.6.11.4-21.9-default x86_64 SuSE Linux 9.3 (x86-64)
I experienced the same problem and rolled back the update. On Friday 18 November 2005 8:40 pm, Scott Leighton wrote:
On Friday 18 November 2005 5:35 am, Marcus Meissner wrote:
_________________________________________________________________________ __ ___
SUSE Security Announcement
Package: phpMyAdmin Announcement ID: SUSE-SA:2005:066 Date: Fri, 18 Nov 2005 11:00:00 +0000
Anyone else having a problem after this YOU update? I have three boxes, all of them started crapping out with the following error message when trying to access phpMyAdmin,
Fatal error: main(): Failed opening required './' (include_path='.:/usr/share/php') in /srv/www/htdocs/phpMyAdmin/libraries/grab_globals.lib.php on line 70
That file, grab_gobals.lib.php is one that was changed by the YOU update. Commenting out the 'require' on line 70 makes the error go away, but I'm sure that's not really the right solution.
Scott
-- POPFile, the OpenSource EMail Classifier http://popfile.sourceforge.net/ Linux 2.6.11.4-21.9-default x86_64 SuSE Linux 9.3 (x86-64)
On Fri, Nov 18, 2005 at 06:40:36PM -0800, Scott Leighton wrote:
On Friday 18 November 2005 5:35 am, Marcus Meissner wrote:
___________________________________________________________________________ ___
SUSE Security Announcement
Package: phpMyAdmin Announcement ID: SUSE-SA:2005:066 Date: Fri, 18 Nov 2005 11:00:00 +0000
Anyone else having a problem after this YOU update? I have three boxes, all of them started crapping out with the following error message when trying to access phpMyAdmin,
Fatal error: main(): Failed opening required './' (include_path='.:/usr/share/php') in /srv/www/htdocs/phpMyAdmin/libraries/grab_globals.lib.php on line 70
That file, grab_gobals.lib.php is one that was changed by the YOU update. Commenting out the 'require' on line 70 makes the error go away, but I'm sure that's not really the right solution.
We have several reports of this. We will try to get a fixed version out on Monday. Ciao, Marcus
On Saturday 19 November 2005 7:39 am, Marcus Meissner wrote:
We have several reports of this.
We will try to get a fixed version out on Monday.
Ciao, Marcus
Great! Thank-you! Scott -- POPFile, the OpenSource EMail Classifier http://popfile.sourceforge.net/ Linux 2.6.11.4-21.9-default x86_64 SuSE Linux 9.3 (x86-64)
On Sat, Nov 19, 2005 at 04:39:19PM +0100, Marcus Meissner wrote:
On Fri, Nov 18, 2005 at 06:40:36PM -0800, Scott Leighton wrote:
On Friday 18 November 2005 5:35 am, Marcus Meissner wrote:
___________________________________________________________________________ ___
SUSE Security Announcement
Package: phpMyAdmin Announcement ID: SUSE-SA:2005:066 Date: Fri, 18 Nov 2005 11:00:00 +0000
Anyone else having a problem after this YOU update? I have three boxes, all of them started crapping out with the following error message when trying to access phpMyAdmin,
Fatal error: main(): Failed opening required './' (include_path='.:/usr/share/php') in /srv/www/htdocs/phpMyAdmin/libraries/grab_globals.lib.php on line 70
That file, grab_gobals.lib.php is one that was changed by the YOU update. Commenting out the 'require' on line 70 makes the error go away, but I'm sure that's not really the right solution.
We have several reports of this.
We will try to get a fixed version out on Monday.
We released updated phpMyAdmin packages to fix this yesterday evening (a day late). It also includes fixes for yet another cross site scripting problem too. Ciao, Marcus
participants (3)
-
Chris Quinn -
Marcus Meissner -
Scott Leighton