Advisories » MGASA-2014-0383

Updated phpmyadmin package fix CVE-2014-6300

Publication date: 22 Sep 2014
Modification date: 22 Sep 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-6300

Description

Updated phpmyadmin package fixes security vulnerability:

In phpMyAdmin before 4.1.14.4, by deceiving a logged-in user to click on a
crafted URL, it is possible to perform remote code execution and in some
cases, create a root account due to a DOM based XSS vulnerability in the
micro history feature (CVE-2014-6300).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=14100
• http://www.phpmyadmin.net/home_page/security/PMASA-2014-10.php
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6300

SRPMS

4/core

• phpmyadmin-4.1.14.4-1.mga4

3/core

• phpmyadmin-4.1.14.4-1.mga3