Updated phpmyadmin packages fix security vulnerability
Publication date: 28 Dec 2017Modification date: 28 Dec 2017
Type: security
Affected Mageia releases : 6
Description
Due to an XSRF/CSRF vulnerability in phpMyAdmin before 4.7.7, by
deceiving a user to click on a crafted URL, it is possible to perform
harmful database operations such as deleting records,
dropping/truncating tables etc (PMASA-2017-9).
The phpmyadmin package has been updated to version 4.7.7 to fix this
issue and other bugs.
Note that phpMyAdmin 4.4.x in Mageia 5 is no longer supported. Users of
the phpmyadmin package should upgrade to Mageia 6.
References
- https://bugs.mageia.org/show_bug.cgi?id=22263
- https://www.phpmyadmin.net/security/PMASA-2017-9/
- https://www.phpmyadmin.net/files/4.7.2/
- https://www.phpmyadmin.net/files/4.7.3/
- https://www.phpmyadmin.net/files/4.7.4/
- https://www.phpmyadmin.net/files/4.7.5/
- https://www.phpmyadmin.net/files/4.7.6/
- https://www.phpmyadmin.net/files/4.7.7/
- https://www.phpmyadmin.net/news/2017/12/23/phpmyadmin-477-released/
SRPMS
6/core
- phpmyadmin-4.7.7-1.mga6