openSUSE Security Update : phpMyAdmin (openSUSE-SU-2014:1636-1)

Medium Nessus Plugin ID 80049


The remote openSUSE host is missing a security update.


phpMyAdmin on openSUSE 12.3 and 13.1 was updated to This update fixes one vulnerability.

- Security fixes :

- PMASA-2014-17 (CVE-2014-9218, CWE-661 CWE-400) [boo#908363] 17.php

- sf#4611 [security] DOS attack with long passwords

phpMyAdmin on openSUSE 13.2 was updated to (2014-12-03)

- Security fixes :

- PMASA-2014-18 (CVE-2014-9219, CWE-661 CWE-79) [boo#908364] 18.php

- sf#4612 [security] XSS vulnerability in redirection mechanism

- PMASA-2014-17 (CVE-2014-9218, CWE-661 CWE-400) [boo#908363] 17.php

- sf#4611 [security] DOS attack with long passwords

- Bugfixes :

- sf#4604 Query history not being deleted

- sf#4057 db/table query string parameters no longer work

- sf#4605 Unseen messages in tracking

- sf#4606 Tracking report export as SQL dump does not work

- sf#4607 Syntax error during db_copy operation

- sf#4608 SELECT permission issues with relations and restricted access


Update the affected phpMyAdmin package.

See Also

Plugin Details

Severity: Medium

ID: 80049

File Name: openSUSE-2014-776.nasl

Version: $Revision: 1.1 $

Type: local

Agent: unix

Published: 2014/12/16

Modified: 2014/12/16

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:phpMyAdmin, cpe:/o:novell:opensuse:12.3, cpe:/o:novell:opensuse:13.1, cpe:/o:novell:opensuse:13.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 2014/12/06

Reference Information

CVE: CVE-2014-9218, CVE-2014-9219