
Mageia alert MGASA-2014-0275 (phpmyadmin)

From:  Mageia Updates <buildsystem-daemon@mageia.org>
To:  updates-announce@ml.mageia.org
Subject:  [updates-announce] MGASA-2014-0275: Updated phpmyadmin packages fix CVE-2014-4349
Date:  Fri, 27 Jun 2014 17:03:21 +0200
Message-ID:  <20140627150321.2730148999@valstar.mageia.org>

MGASA-2014-0275 - Updated phpmyadmin packages fix CVE-2014-4349

Publication date: 27 Jun 2014
URL: http://advisories.mageia.org/MGASA-2014-0275.html
Type: security
Affected Mageia releases: 3, 4
CVE: CVE-2014-4349

Description:
Updated phpmyadmin packages fix security vulnerability:

In phpMyAdmin before 4.1.14, it is possible to trigger an XSS when hiding
or unhiding a crafted table name in the navigation, due to unescaped HTML
output in the navigation items hiding feature. Note that this vulnerability
can only be triggered by someone who logged in to phpMyAdmin, as the usual
token protection prevents non-logged-in users from accessing the required
form (CVE-2014-4349).

References:
- http://www.phpmyadmin.net/home_page/security/PMASA-2014-3...
- https://bugs.mageia.org/show_bug.cgi?id=13573
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4349

SRPMS:
- 4/core/phpmyadmin-4.1.14.1-1.mga4
- 3/core/phpmyadmin-4.1.14.1-1.mga3




Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds