Updated phpseclib and phpmyadmin packages fix security vulnerability
Publication date: 25 Feb 2014Modification date: 25 Feb 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-1879
Description
Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action (CVE-2014-1879). This upgrade provides the latest phpmyadmin version (4.1.8) to address this vulnerability. Additionally the phpseclib package has been added in Mageia 3 and updated in Mageia 4, due to new dependencies.
References
SRPMS
4/core
- phpseclib-0.3.5-1.mga4
- phpmyadmin-4.1.8-1.mga4
3/core
- phpseclib-0.3.5-1.mga3
- phpmyadmin-4.1.8-1.mga3