openSUSE-SU-2014:1636-1: moderate: Security update for phpMyAdmin

openSUSE Security Update: Security update for phpMyAdmin ______________________________________________________________________________ Announcement ID: openSUSE-SU-2014:1636-1 Rating: moderate References: #908363 #908364 Cross-References: CVE-2014-9218 CVE-2014-9219 Affected Products: openSUSE 13.2 openSUSE 13.1 openSUSE 12.3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: phpMyAdmin on openSUSE 12.3 and 13.1 was updated to 4.1.14.8. This update fixes one vulnerability. - Security fixes: * PMASA-2014-17 (CVE-2014-9218, CWE-661 CWE-400) [boo#908363] http://www.phpmyadmin.net/home_page/security/PMASA-2014-17.php - sf#4611 [security] DOS attack with long passwords phpMyAdmin on openSUSE 13.2 was updated to 4.2.13.1 (2014-12-03) - Security fixes: * PMASA-2014-18 (CVE-2014-9219, CWE-661 CWE-79) [boo#908364] http://www.phpmyadmin.net/home_page/security/PMASA-2014-18.php - sf#4612 [security] XSS vulnerability in redirection mechanism * PMASA-2014-17 (CVE-2014-9218, CWE-661 CWE-400) [boo#908363] http://www.phpmyadmin.net/home_page/security/PMASA-2014-17.php - sf#4611 [security] DOS attack with long passwords - Bugfixes: - sf#4604 Query history not being deleted - sf#4057 db/table query string parameters no longer work - sf#4605 Unseen messages in tracking - sf#4606 Tracking report export as SQL dump does not work - sf#4607 Syntax error during db_copy operation - sf#4608 SELECT permission issues with relations and restricted access Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.2: zypper in -t patch openSUSE-2014-776 - openSUSE 13.1: zypper in -t patch openSUSE-2014-776 - openSUSE 12.3: zypper in -t patch openSUSE-2014-776 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.2 (noarch): phpMyAdmin-4.2.13.1-8.1 - openSUSE 13.1 (noarch): phpMyAdmin-4.1.14.8-28.1 - openSUSE 12.3 (noarch): phpMyAdmin-4.1.14.8-1.38.1 References: http://support.novell.com/security/cve/CVE-2014-9218.html http://support.novell.com/security/cve/CVE-2014-9219.html https://bugzilla.suse.com/show_bug.cgi?id=908363 https://bugzilla.suse.com/show_bug.cgi?id=908364