Mageia Advisory: MGASA-2014-0275 - Updated phpmyadmin packages fix CVE-2014-4349

Updated phpmyadmin packages fix CVE-2014-4349

Publication date: 27 Jun 2014
Modification date: 27 Jun 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-4349

Description

Updated phpmyadmin packages fix security vulnerability:

In phpMyAdmin before 4.1.14, it is possible to trigger an XSS when hiding
or unhiding a crafted table name in the navigation, due to unescaped HTML
output in the navigation items hiding feature. Note that this vulnerability
can only be triggered by someone who logged in to phpMyAdmin, as the usual
token protection prevents non-logged-in users from accessing the required
form (CVE-2014-4349).

References

http://www.phpmyadmin.net/home_page/security/PMASA-2014-3.php
https://bugs.mageia.org/show_bug.cgi?id=13573
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4349

SRPMS

3/core

phpmyadmin-4.1.14.1-1.mga3

4/core

phpmyadmin-4.1.14.1-1.mga4

Advisories » MGASA-2014-0275

Updated phpmyadmin packages fix CVE-2014-4349

Description

References

SRPMS

3/core

4/core