-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : adminer Version : 3.3.3-1+deb7u1 CVE ID : CVE-2018-7667 Debian Bug : #893668
It was discovered that there was a server-side request forgery exploit in adminer, a web-based database administration tool. Adminer allowed unauthenticated connections to be initiated to arbitrary systems and ports which could bypass external firewalls to identify internal hosts or perform port scanning of other servers. For Debian 7 "Wheezy", this issue has been fixed in adminer version 3.3.3-1+deb7u1. We recommend that you upgrade your adminer packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlqzx4IACgkQHpU+J9Qx Hlgqhg/+KfM5/8OKDv99f0F7zH9PCExw86Q+939oeoyvNTsewmtOsFpv45XuZElg uCth0XBX/mU+uUvC7/1a1ixpthaHfTWnlJ5Wmjg7ytmdtOY0RyzxYV+UPvxFNdTp ECKeoGqHIbVvyiEnVGEi+L+tuPP9L4ZrKr1sMMC4W4gwSG2bJTif72w7GNXKoXYz qiqz1Sf8FU4zdllppcuk/ifokiBE3KZ+mxvkzg4L7nzRYNEOTWG9y36+9WIBNB3u MJ5qZUaEUC9whgcYtLsskCc16vBdsSekA5v71HUYxFKrwHA0b/DpDtawmbUOE5s0 xpTgTjNbFo/sv1yDXIj2I7JNTJFISgGe7P5asRyvJY6vWzQuCj7xCAcCIcCjVYOf T2coa14qEdAYPYK7YwufVzWog4f+DDMs8YxDAtSiWoDA5eqk1/zaXP3qQB5NZpOt zjxJ1PUBEgH7S3kF7xL3cnS3xHv0RjCYor4OZrQ/Sq2t1eBI8c5LgqcLZnov2zuh kd19TOUpaSAEIO8Sdb7njM9KI0/m56wIKycJ9IvAUDBQIgmYH1Ly25GUQ00dHvdQ 9TMOeYPgtHS1iifI2FRuKnKrolcxJGdKZXPWrogqL7Mp3SnpXGpBHgGQGQvkh4TP c6EUDNrzwGIGYUPK4Gs/jz1lYG5V3PUZKFs7A3Ecafo8eTPrbB4= =X8Gg -----END PGP SIGNATURE-----