Updated phpmyadmin packages fix security vulnerabilities
Publication date: 18 May 2015Modification date: 18 May 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-3902 , CVE-2015-3903
Description
Updated phpmyadmin package fixes security vulnerabilities:
In phpMyAdmin before 4.2.13.3, by deceiving a user to click on a crafted URL,
it is possible to alter the configuration file being generated with phpMyAdmin
setup (CVE-2015-3902).
In phpMyAdmin before 4.2.13.3, a vulnerability in the API call to GitHub can
be exploited to perform a man-in-the-middle attack (CVE-2015-3903).
With this update, the phpmyadmin package has been updated to the 4.2 branch,
which has some additional changes and new features. The 4.1 branch is no
longer supported.
References
- https://bugs.mageia.org/show_bug.cgi?id=15945
- http://www.phpmyadmin.net/home_page/security/PMASA-2015-2.php
- http://www.phpmyadmin.net/home_page/security/PMASA-2015-3.php
- https://sourceforge.net/p/phpmyadmin/news/2014/05/phpmyadmin-420-is-released/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3902
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3903
SRPMS
4/core
- phpmyadmin-4.2.13.3-1.mga4