|
|
Log in / Subscribe / Register

Debian-LTS alert DLA-336-1 (phpmyadmin)



From:
    	      Thijs Kinkhorst <thijs@debian.org> 


To:
    	      debian-lts-announce@lists.debian.org 


Subject:
    	      [SECURITY] [DLA 336-1] phpmyadmin security update 


Date:
    	      Wed, 28 Oct 2015 20:55:06 +0100 (CET)


Message-ID:
    	      <20151028195506.EE8E759DA2@kinkhorst.com>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : phpmyadmin
Version        : 4:3.3.7-9
CVE ID         : CVE-2014-8958 CVE-2014-9218 CVE-2015-2206 CVE-2015-3902

Several issues have been fixed in phpMyAdmin, the web administration
tool for MySQL.

CVE-2014-8958

    Multiple cross-site scripting (XSS) vulnerabilities.

CVE-2014-9218

    Denial of service (resource consumption) via a long password.

CVE-2015-2206

    Risk of BREACH attack due to reflected parameter.

CVE-2015-3902

    XSRF/CSRF vulnerability in phpMyAdmin setup.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBCAAGBQJWMSgCAAoJEFb2GnlAHawExCcH/3GndkN3P49XdjJrku0SCjfJ
/nUa1WRlwjhEQOYIn5PyYyszlAO7C92nzyvOiFrSa7CklEIwBnjStOBsW5kig2Ps
9FcRqOIRudDQnafNYwDcYdhcJU5JSuzL03+Mj0a87t5Qi3jOqMfR3UYS1x98lTz3
WUjrdc8Ec6My4UKlNTPz/nioyKPfw9G/Sw3/wsptIIB6Q1dVHFV+fZSPYoHIZ02C
Bl6qxhfMCM0pqVKjrHM3duKSm1d76ub8nloEkDNTuUr7dFCTA3pR0ypzRTU/ajoG
y4nKJI/NAOmXlis34luyV98GUMokJCnnq/jlmwXaG2Pz2JTLWgjUb0JteVDWzrY=
=DwPk
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds