Advisories ยป MGASA-2017-0471

Updated phpmyadmin packages fix security vulnerability

Publication date: 28 Dec 2017
Modification date: 28 Dec 2017
Type: security
Affected Mageia releases : 6

Description

Due to an XSRF/CSRF vulnerability in phpMyAdmin before 4.7.7, by
deceiving a user to click on a crafted URL, it is possible to perform
harmful database operations such as deleting records,
dropping/truncating tables etc (PMASA-2017-9).

The phpmyadmin package has been updated to version 4.7.7 to fix this
issue and other bugs.

Note that phpMyAdmin 4.4.x in Mageia 5 is no longer supported.  Users of
the phpmyadmin package should upgrade to Mageia 6.
                

References

SRPMS

6/core