This script is Copyright (C) 2015 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing one or more security
A vulnerability has been discovered and corrected in phpmyadmin :
libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 22.214.171.124,
4.2.x before 126.96.36.199, and 4.3.x before 188.8.131.52 includes invalid
language values in unknown-language error responses that contain a
CSRF token and may be sent with HTTP compression, which makes it
easier for remote attackers to conduct a BREACH attack and determine
this token via a series of crafted requests (CVE-2015-2206).
This upgrade provides the latest phpmyadmin version (184.108.40.206) to
address this vulnerability.
Additionally, the phpseclib package has been upgraded to the 0.3.10
See also :
Update the affected phpmyadmin and / or phpseclib packages.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.3
Public Exploit Available : true