Debian Security Advisory
DLA-481-1 phpmyadmin -- LTS security update
- Date Reported: 18 May 2016
- Affected Packages: phpmyadmin
- Vulnerable: Yes
- Security database references: In Mitre's CVE dictionary: CVE-2016-1927, CVE-2016-2038, CVE-2016-2039, CVE-2016-2040, CVE-2016-2041, CVE-2016-2045, CVE-2016-2560.
- More information:
This security update fixes a number of security issues in phpMyAdmin. We recommend you upgrade your phpmyadmin packages.
- CVE-2016-1927: suggestPassword generates weak passphrases
- CVE-2016-2038: information disclosure via crafted requests
- CVE-2016-2039: weak CSRF token values
- CVE-2016-2040: XSS vulnerabilities in authenticated users
- CVE-2016-2041: information breach in CSRF token comparison
- CVE-2016-2045: XSS injection via crafted SQL queries
- CVE-2016-2560: XSS injection
Further information about Debian LTS security advisories, how to apply these updates to your system, and frequently asked questions can be found at: https://wiki.debian.org/LTS
For Debian 7 Wheezy, these issues have been fixed in phpmyadmin version 4:3.4.11.1-2+deb7u3