Advisories ยป MGASA-2014-0310

Updated phpmyadmin package fixes security vulnerabilities

Publication date: 05 Aug 2014
Modification date: 05 Aug 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-4955 , CVE-2014-4986 , CVE-2014-4987

Description

In phpMyAdmin before 4.1.14.2, when navigating into the database triggers
page, it is possible to trigger an XSS with a crafted trigger name
(CVE-2014-4955).

In phpMyAdmin before 4.1.14.2, with a crafted column name it is possible to
trigger an XSS when dropping the column in table structure page. With a
crafted table name it is possible to trigger an XSS when dropping or
truncating the table in table operations page (CVE-2014-4986).

In phpMyAdmin before 4.1.14.2, An unpriviledged user could view the MySQL
user list and manipulate the tabs displayed in phpMyAdmin for them
(CVE-2014-4987).
                

References

SRPMS

4/core

3/core