Debian Security Advisory
DLA-336-1 phpmyadmin -- LTS security update
- Date Reported:
- 28 Oct 2015
- Affected Packages:
- phpmyadmin
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2014-8958, CVE-2014-9218, CVE-2015-2206, CVE-2015-3902.
- More information:
-
Several issues have been fixed in phpMyAdmin, the web administration tool for MySQL.
- CVE-2014-8958
Multiple cross-site scripting (XSS) vulnerabilities.
- CVE-2014-9218
Denial of service (resource consumption) via a long password.
- CVE-2015-2206
Risk of BREACH attack due to reflected parameter.
- CVE-2015-3902
XSRF/CSRF vulnerability in phpMyAdmin setup.
- CVE-2014-8958