openSUSE Security Update : phpMyAdmin (openSUSE-SU-2014:1347-1)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

- phpMyAdmin 4.1.14.6 [boo#902154] [CVE-2014-8326] This
release fixes cross-site scripting vulnerabilities in
the SQL debug output and server monitor pages. This
developer option is not enabled by default.

- sf#4562 [security] XSS in debug SQL output

- sf#4563 [security] XSS in monitor query analyzer

See also :

http://lists.opensuse.org/opensuse-updates/2014-11/msg00004.html
https://bugzilla.opensuse.org/show_bug.cgi?id=902154

Solution :

Update the affected phpMyAdmin package.

Risk factor :

Low / CVSS Base Score : 3.5
(CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N)

Family: SuSE Local Security Checks

Nessus Plugin ID: 78837 ()

Bugtraq ID:

CVE ID: CVE-2014-8326

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now