openSUSE Security Update : phpMyAdmin (openSUSE-SU-2014:1636-1)

medium Nessus Plugin ID 80049

Synopsis

The remote openSUSE host is missing a security update.

Description

phpMyAdmin on openSUSE 12.3 and 13.1 was updated to 4.1.14.8. This update fixes one vulnerability.

- Security fixes :

- PMASA-2014-17 (CVE-2014-9218, CWE-661 CWE-400) [boo#908363] http://www.phpmyadmin.net/home_page/security/PMASA-2014- 17.php

- sf#4611 [security] DOS attack with long passwords

phpMyAdmin on openSUSE 13.2 was updated to 4.2.13.1 (2014-12-03)

- Security fixes :

- PMASA-2014-18 (CVE-2014-9219, CWE-661 CWE-79) [boo#908364] http://www.phpmyadmin.net/home_page/security/PMASA-2014- 18.php

- sf#4612 [security] XSS vulnerability in redirection mechanism

- PMASA-2014-17 (CVE-2014-9218, CWE-661 CWE-400) [boo#908363] http://www.phpmyadmin.net/home_page/security/PMASA-2014- 17.php

- sf#4611 [security] DOS attack with long passwords

- Bugfixes :

- sf#4604 Query history not being deleted

- sf#4057 db/table query string parameters no longer work

- sf#4605 Unseen messages in tracking

- sf#4606 Tracking report export as SQL dump does not work

- sf#4607 Syntax error during db_copy operation

- sf#4608 SELECT permission issues with relations and restricted access

Solution

Update the affected phpMyAdmin package.

See Also

https://www.phpmyadmin.net/security/PMASA-2014-17/

https://www.phpmyadmin.net/security/PMASA-2014-18/

https://bugzilla.opensuse.org/show_bug.cgi?id=908363

https://bugzilla.opensuse.org/show_bug.cgi?id=908364

https://lists.opensuse.org/opensuse-updates/2014-12/msg00054.html

Plugin Details

Severity: Medium

ID: 80049

File Name: openSUSE-2014-776.nasl

Version: 1.5

Type: local

Agent: unix

Published: 12/16/2014

Updated: 1/19/2021

Supported Sensors: Nessus Agent

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:phpMyAdmin, cpe:/o:novell:opensuse:12.3, cpe:/o:novell:opensuse:13.1, cpe:/o:novell:opensuse:13.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 12/6/2014

Reference Information

CVE: CVE-2014-9218, CVE-2014-9219