Advisories » MGASA-2014-0099

Updated phpseclib and phpmyadmin packages fix security vulnerability

Publication date: 25 Feb 2014
Modification date: 25 Feb 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-1879

Description

Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin
before 4.1.7 allows remote authenticated users to inject arbitrary
web script or HTML via a crafted filename in an import action
(CVE-2014-1879).

This upgrade provides the latest phpmyadmin version (4.1.8) to address
this vulnerability.

Additionally the phpseclib package has been added in Mageia 3 and updated in
Mageia 4, due to new dependencies.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=12834
• http://www.phpmyadmin.net/home_page/security/PMASA-2014-1.php
• http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:046/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1879

SRPMS

3/core

• phpseclib-0.3.5-1.mga3
• phpmyadmin-4.1.8-1.mga3

4/core

• phpseclib-0.3.5-1.mga4
• phpmyadmin-4.1.8-1.mga4