Mandriva Linux Security Advisory : phpmyadmin (MDVSA-2015:186)
Medium Nessus Plugin ID 82486
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionA vulnerability has been discovered and corrected in phpmyadmin :
libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 184.108.40.206, 4.2.x before 220.127.116.11, and 4.3.x before 18.104.22.168 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests (CVE-2015-2206).
This upgrade provides the latest phpmyadmin version (22.214.171.124) to address this vulnerability.
Additionally, the phpseclib package has been upgraded to the 0.3.10 version.
SolutionUpdate the affected phpmyadmin and / or phpseclib packages.