
Test ID: 1.3.6.1.4.1.25623.1.1.10.2014.0495
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2014-0495)
Summary: The remote host is missing an update for the 'phpmyadmin' package(s) announced via the MGASA-2014-0495 advisory.
Description:
Summary:
The remote host is missing an update for the 'phpmyadmin' package(s) announced via the MGASA-2014-0495 advisory.

Vulnerability Insight:
Updated phpmyadmin package fixes security vulnerabilities:

In phpMyAdmin before 4.1.14.7, with a crafted database, table or column name
it is possible to trigger an XSS attack in the table browse page, with a
crafted ENUM value it is possible to trigger XSS attacks in the table print
view and zoom search pages, and with a crafted value for font size it is
possible to trigger an XSS attack in the home page (CVE-2014-8958).

In phpMyAdmin before 4.1.14.7, in the GIS editor feature, a parameter
specifying the geometry type was not correctly validated, opening the door to
a local file inclusion attack (CVE-2014-8959).

In phpMyAdmin before 4.1.14.7, with a crafted file name it is possible to
trigger an XSS in the error reporting page (CVE-2014-8960).

In phpMyAdmin before 4.1.14.7, in the error reporting feature, a parameter
specifying the file was not correctly validated, allowing the attacker to
derive the line count of an arbitrary file (CVE-2014-8961).

Affected Software/OS:
'phpmyadmin' package(s) on Mageia 3, Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
6.5

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P

Cross-Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2014-8958
BugTraq ID: 71243
http://www.securityfocus.com/bid/71243
Debian Security Information: DSA-3382
http://www.debian.org/security/2015/dsa-3382
https://security.gentoo.org/glsa/201505-03
http://www.mandriva.com/security/advisories?name=MDVSA-2014:228
SuSE Security Announcement: openSUSE-SU-2014:1561
http://lists.opensuse.org/opensuse-updates/2014-12/msg00017.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-8959
BugTraq ID: 71247
http://www.securityfocus.com/bid/71247
Common Vulnerability Exposure (CVE) ID: CVE-2014-8960
BugTraq ID: 71244
http://www.securityfocus.com/bid/71244
Common Vulnerability Exposure (CVE) ID: CVE-2014-8961
BugTraq ID: 71245
http://www.securityfocus.com/bid/71245
Copyright: Copyright (C) 2022 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.