http://bugzilla.opensuse.org/show_bug.cgi?id=908363 Bug ID: 908363 Summary: CVE-2014-9218: phpMyAdmin: DoS vulnerability with long passwords Classification: openSUSE Product: openSUSE Distribution Version: 13.2 Hardware: All URL: http://www.phpmyadmin.net/home_page/security/PMASA-201 4-17.php OS: openSUSE 13.2 Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: Andreas.Stieger@gmx.de QA Contact: qa-bugs@suse.de CC: chris@computersalat.de, ecsos@schirra.net Found By: --- Blocker: ---
From http://www.phpmyadmin.net/home_page/security/PMASA-2014-17.php
Announcement-ID: PMASA-2014-17 Date: 2014-12-03 Summary: DoS vulnerability with long passwords. Description: With very long passwords it was possible to initiate a denial of service attack on phpMyAdmin. Severity: We consider this vulnerability to be serious. Mitigation factor: This vulnerability can be mitigated by configuring throttling in the webserver. Affected Versions: Versions 4.0.x (prior to 4.0.10.7), 4.1.x (prior to 4.1.14.8) and 4.2.x (prior to 4.2.13.1) are affected. Solution: Upgrade to phpMyAdmin 4.0.10.7 or newer, or 4.1.14.8 or newer, or 4.2.13.1 or newer, or apply the patch listed below. Assigned CVE ids: CVE-2014-9218 CWE ids: CWE-661 CWE-400 Patches: The following commits have been made to fix this issue: 1ac863c7573d12012374d5d41e5c7dc5505ea6e1 The following commits have been made on the 4.1 branch to fix this issue: 62b2c918d26cc78d1763945e3d44d1a63294a819 The following commits have been made on the 4.0 branch to fix this issue: 095729d81205f15f40d216d25917017da4c2fff8
-- You are receiving this mail because: You are on the CC list for the bug.