MGASA-2014-0099

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2014-0099.html

Import Source

https://advisories.mageia.org/MGASA-2014-0099.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2014-0099

Related

CVE-2014-1879

Published

2014-02-25T21:49:46Z

Modified

2014-02-25T21:49:43Z

Summary

Updated phpseclib and phpmyadmin packages fix security vulnerability

Details

Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action (CVE-2014-1879).

This upgrade provides the latest phpmyadmin version (4.1.8) to address this vulnerability.

Additionally the phpseclib package has been added in Mageia 3 and updated in Mageia 4, due to new dependencies.

References

https://advisories.mageia.org/MGASA-2014-0099.html
https://bugs.mageia.org/show_bug.cgi?id=12834
http://www.phpmyadmin.net/home_page/security/PMASA-2014-1.php
http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:046/

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

MGASA-2014-0099

Affected packages