Mandriva Linux Security Advisory : phpmyadmin (MDVSA-2014:243)
Medium Nessus Plugin ID 79988
Synopsis
The remote Mandriva Linux host is missing a security update.
Description
Multiple vulnerabilities have been discovered and corrected in phpmyadmin:
libraries/common.inc.php in phpMyAdmin 4.0.x before 188.8.131.52, 4.1.x before 184.108.40.206, and 4.2.x before 220.127.116.11 allows remote attackers to cause a denial of service (resource consumption) via a long password (CVE-2014-9218).
Cross-site scripting (XSS) vulnerability in the redirection feature in url.php in phpMyAdmin 4.2.x before 18.104.22.168 allows remote attackers to inject arbitrary web script or HTML via the url parameter (CVE-2014-9219).
This upgrade provides the latest phpmyadmin version (22.214.171.124) to address these vulnerabilities.
Solution
Update the affected phpmyadmin package.