openSUSE Security Update : phpMyAdmin (openSUSE-SU-2013:1065-1)

This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update of phpMyAdmin fixes several security issues.

- update to 3.5.8.1 (2013-04-24)

- [security] Remote code execution (preg_replace),
reported by Janek Vind (see PMASA-2013-2)

- [security] Locally Saved SQL Dump File Multiple File
Extension Remote Code Execution, reported by Janek Vind
(see PMASA-2013-3)

- fix for bnc#824301

- PMASA-2013-2 (CVE-2013-3238)

- fix for bnc#824302

- PMASA-2013-3 (CVE-2013-3239)

- update to 3.5.8 (2013-04-08)

- sf#3828 MariaDB reported as MySQL

- sf#3854 Incorrect header for Safari 6.0

- sf#3705 Attempt to open trigger for edit gives NULL

- Use HTML5 DOCTYPE

- [security] Self-XSS on GIS visualisation page, reported
by Janek Vind (see PMASA-2013-1)

- sf#3800 Incorrect keyhandler behaviour #2

- fix for bnc#814678

- PMASA-2013-1 (CVE-2013-1937)

See also :

http://lists.opensuse.org/opensuse-updates/2013-06/msg00181.html
https://bugzilla.novell.com/show_bug.cgi?id=814678
https://bugzilla.novell.com/show_bug.cgi?id=824301
https://bugzilla.novell.com/show_bug.cgi?id=824302

Solution :

Update the affected phpMyAdmin package.

Risk factor :

Medium / CVSS Base Score : 6.0
(CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P)
Public Exploit Available : true

Family: SuSE Local Security Checks

Nessus Plugin ID: 75055

Bugtraq ID:

CVE ID: CVE-2013-1937
CVE-2013-3238
CVE-2013-3239
