Debian Security Advisory
DSA-3382-1 phpmyadmin -- security update
- Date Reported:
- 28 Oct 2015
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 774194.
In Mitre's CVE dictionary: CVE-2014-8958, CVE-2014-9218, CVE-2015-2206, CVE-2015-3902, CVE-2015-3903, CVE-2015-6830, CVE-2015-7873.
- More information:
Several issues have been fixed in phpMyAdmin, the web administration tool for MySQL.
Multiple cross-site scripting (XSS) vulnerabilities.
Denial of service (resource consumption) via a long password.
Risk of BREACH attack due to reflected parameter.
XSRF/CSRF vulnerability in phpMyAdmin setup.
Vulnerability allowing man-in-the-middle attack on API call to GitHub.
Vulnerability that allows bypassing the reCaptcha test.
Content spoofing vulnerability when redirecting user to an external site.
For the oldstable distribution (wheezy), these problems have been fixed in version 4:18.104.22.168-2+deb7u2.
For the stable distribution (jessie), these problems have been fixed in version 4:4.2.12-2+deb8u1.
For the unstable distribution (sid), these problems have been fixed in version 4:4.5.1-1.
We recommend that you upgrade your phpmyadmin packages.
- CVE-2014-8958 (Wheezy only)