Advisories » MGASA-2017-0100

Updated phpmyadmin packages fix security vulnerability

Publication date: 03 Apr 2017
Modification date: 03 Apr 2017
Type: security
Affected Mageia releases : 5

Description

A vulnerability was discovered where the restrictions caused by
$cfg['Servers'][$i]['AllowNoPassword'] = false are bypassed under certain
PHP versions. This can allow the login of users who have no password set
even if the administrator has set $cfg['Servers'][$i]['AllowNoPassword']
to false (which is also the default).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=20600
• https://www.phpmyadmin.net/security/PMASA-2017-8/

SRPMS

5/core

• phpmyadmin-4.4.15.10-2.mga5