Mailinglist Archive: opensuse-updates (113 mails)

< Previous Next >
openSUSE-SU-2014:1561-1: moderate: Security update for phpMyAdmin
openSUSE Security Update: Security update for phpMyAdmin
______________________________________________________________________________

Announcement ID: openSUSE-SU-2014:1561-1
Rating: moderate
References: #906485 #906486 #906487 #906488
Cross-References: CVE-2014-8958 CVE-2014-8959 CVE-2014-8960
CVE-2014-8961
Affected Products:
openSUSE 13.2
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

phpMyAdmin was updated to fix four security issues.

For openSUSE 12.3 and 13.1, phpMyAdmin was updated to 4.1.14.7. For
openSUSE 13.2, phpMyAdmin was updated to to 4.2.12.

These security issues were fixed:
- XSS vulnerability in error reporting functionality (CVE-2014-8960).
- Local file inclusion vulnerability (CVE-2014-8959).
- Multiple XSS vulnerabilities (CVE-2014-8958).
- Leakage of line count of an arbitrary file (CVE-2014-8961).


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.2:

zypper in -t patch openSUSE-2014-735

- openSUSE 13.1:

zypper in -t patch openSUSE-2014-735

- openSUSE 12.3:

zypper in -t patch openSUSE-2014-735

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 13.2 (noarch):

phpMyAdmin-4.2.12-4.1

- openSUSE 13.1 (noarch):

phpMyAdmin-4.1.14.7-24.1

- openSUSE 12.3 (noarch):

phpMyAdmin-4.1.14.7-1.32.1


References:

http://support.novell.com/security/cve/CVE-2014-8958.html
http://support.novell.com/security/cve/CVE-2014-8959.html
http://support.novell.com/security/cve/CVE-2014-8960.html
http://support.novell.com/security/cve/CVE-2014-8961.html
https://bugzilla.suse.com/show_bug.cgi?id=906485
https://bugzilla.suse.com/show_bug.cgi?id=906486
https://bugzilla.suse.com/show_bug.cgi?id=906487
https://bugzilla.suse.com/show_bug.cgi?id=906488


< Previous Next >
This Thread
  • No further messages