Advisories ยป MGASA-2014-0099

Updated phpseclib and phpmyadmin packages fix security vulnerability

Publication date: 25 Feb 2014
Modification date: 25 Feb 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-1879

Description

Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin
before 4.1.7 allows remote authenticated users to inject arbitrary
web script or HTML via a crafted filename in an import action
(CVE-2014-1879).

This upgrade provides the latest phpmyadmin version (4.1.8) to address
this vulnerability.

Additionally the phpseclib package has been added in Mageia 3 and updated in
Mageia 4, due to new dependencies.
                

References

SRPMS

3/core

4/core