openSUSE Security Update : phpMyAdmin (openSUSE-SU-2014:1561-1)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

phpMyAdmin was updated to fix four security issues.

For openSUSE 12.3 and 13.1, phpMyAdmin was updated to 4.1.14.7. For
openSUSE 13.2, phpMyAdmin was updated to to 4.2.12.

These security issues were fixed :

- XSS vulnerability in error reporting functionality
(CVE-2014-8960).

- Local file inclusion vulnerability (CVE-2014-8959).

- Multiple XSS vulnerabilities (CVE-2014-8958).

- Leakage of line count of an arbitrary file
(CVE-2014-8961).

See also :

http://lists.opensuse.org/opensuse-updates/2014-12/msg00017.html
https://bugzilla.opensuse.org/show_bug.cgi?id=906485
https://bugzilla.opensuse.org/show_bug.cgi?id=906486
https://bugzilla.opensuse.org/show_bug.cgi?id=906487
https://bugzilla.opensuse.org/show_bug.cgi?id=906488

Solution :

Update the affected phpMyAdmin package.

Risk factor :

Medium / CVSS Base Score : 6.5
(CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 79753 ()

Bugtraq ID:

CVE ID: CVE-2014-8958
CVE-2014-8959
CVE-2014-8960
CVE-2014-8961

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now